Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community

Title: Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community
Publication Type: Technical Report
Year of Publication: 2012
Authors: Zaharia, M., Katti S., Grier C., Paxson V., Shenker S., Stoica I., & Song D.
Other Numbers: 3375

The current consumer software stack makes end-user systems extremely difficult to secure. Consumer operating systems are large and complex, so they are easily subverted by malware, which makes its way onto users’ machines either by exploiting vulnerable applications or through social engineering. Once malware has compromised the OS, it can easily disable security applications running in the OS. Afterwards, the malware is free to engage in information theft or to enlist the user’s machine in attacks on third parties. As a result, there is a flourishing market in compromised bank accounts, credit cards, login credentials, and botnets [14].

Developing solutions that both significantly improve security and can feasibly be deployed is a major challenge for researchers and OS vendors. Reengineering operating systems is too costly to be practical, trusted hardware is difficult to deploy widely in the near term, and mechanisms that work within the current software stack invariably get compromised.

In this paper, we argue for an approach that leverages the growing trend of virtualization: significantly improve end-user security through a hypervisor for personal computers. Two factors motivate this approach. First, as a small programmable layer between the OS, the network, and the hardware, the hypervisor is a uniquely attractive insertion point for security. Second, hardware virtualization support has been available in desktop and laptop CPUs for several years, and lowers the overhead of virtualization below the point where most users would notice. Hypervisors thus represent one of the best opportunities to sidestep the vulnerable consumer software stack.

Previous work has explored security uses for hypervisors in isolating applications [11], protecting the OS from rootkits [22], and reducing the impact of bots [12]. However, we believe that there is a broader opportunity to directly improve user security without severely degrading the user experience. To illustrate, we discuss several hypervisor-based primitives that protect users’ interactions with online services (e.g., banks) from both malware and phishing. These include a secure remote UI that hides the entire interaction from the OS and user authentication and secure input primitives that can be called from existing applications, including web applications. We also sketch how hypervisors can inform users when their machine is infected by malware and aid in cleaning it up, both of which are pain points for users.

The purpose of this paper is to propose the creation of a security-enhancing hypervisor for PCs as a collaborative agenda for the research community. This agenda is not necessarily about answering fundamentally new research questions. Rather, it is a call to action about a rare chance for the community to have substantial impact. If researchers demonstrate compelling near-term benefits from a modest security layer, then OS vendors may adopt such a layer as a way to increase security without costly reengineering. The introduction of this secure foothold into the consumer software stack could then yield significant long-term benefits by providing a much better avenue for deploying security solutions.

This agenda consists of two parts: (1) exploring how hypervisors can address end-user security issues and (2) exploring how to architect a small, secure hypervisor that provides several of these facilities. We believe that there are interesting and worthwhile challenges in both parts.

The rest of this paper is organized as follows. We begin by explaining why hypervisors provide a highly attractive insertion point for security (§2) and summarizing work in this area (§3). We then discuss security facilities that a hypervisor can provide in §4, with a focus on trusted paths to online services. We conclude by discussing challenges associated with our proposal in §5.

Bibliographic Notes

EECS Department, UC Berkeley Technical Report No. UCB/EECS-2012-12, Berkeley, California

Abbreviated Authors

M. Zaharia, S. Katti, C. Grier, V. Paxson, S. Shenker, I. Stoica and D. Song

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report