Virtual machine-provided context sensitive page mappings

VEE(2008)

Abstract
Context sensitive page mappings provide different mappings from virtual addresses to physical page frames depending on whether a memory reference occurs in a data or instruction context. Such differences can be used to modify the behavior of programs that reference their executable code in a data context. Previous work has demonstrated several applications of context sensitive page mappings, including protection against buffer-overrun attacks and circumvention of self-checksumming codes. We extend context sensitive page mappings to the virtual machine monitor, allowing operation independent of the guest operating system. Our technique takes advantage of the VMM's role in enforcing protection between guest operating systems to interpose on guest OS memory management operations and selectively introduce context sensitive page mappings. In this paper, we describe extensions to the Xen hypervisor that support context sensitive page mappings in unmodified guest operating systems. We demonstrate the utility of our technique in a case study by instrumenting and modifying self-checksumming tamper-resistant binaries. We further demonstrate that context sensitive page mappings can be provided by the VMM without incurring extensive overhead. Our measurements indicate only minor performance penalties stem from use of this technique. We suggest several further applications of VMM-provided context sensitive page mappings, including OS hardening and protection of processes from malicious applications.
Keywords
support context sensitive page, instruction context, physical page frame, virtual machine-provided context, sensitive page mapping, vmm-provided context, context sensitive page mapping, unmodified guest operating system, guest operating system, guest os memory management, data context, operating system, tamper resistance, virtual machine monitor, memory management, virtual machine