Virtual Machine Monitor-based Hiding Method for Access to Debug Registers

Masaya Sato, Hideo Taniguchi, Ryosuke Nakamura

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs’ access to debug registers and disguises the access as having succeeded. The register’s actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.

Original languageEnglish
Title of host publicationProceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages209-214
Number of pages6
ISBN (Electronic)9781728182216
DOIs
Publication statusPublished - Nov 2020
Event8th International Symposium on Computing and Networking, CANDAR 2020 - Virtual, Naha, Japan
Duration: Nov 24 2020Nov 27 2020

Publication series

NameProceedings - 2020 8th International Symposium on Computing and Networking, CANDAR 2020

Conference

Conference8th International Symposium on Computing and Networking, CANDAR 2020
CountryJapan
CityVirtual, Naha
Period11/24/2011/27/20

Keywords

  • Debug register
  • System security
  • Virtual machine monitor

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computational Theory and Mathematics
  • Computer Networks and Communications
  • Computer Science Applications
  • Software

Fingerprint Dive into the research topics of 'Virtual Machine Monitor-based Hiding Method for Access to Debug Registers'. Together they form a unique fingerprint.

Cite this