HBSP: A Lightweight Hardware Virtualization Based Framework for Transparent Software Protection in Commodity Operating Systems

Commodity operating systems are usually large and complex, leading host-based security tools often provide inadequate protection against malware because execution environment for software is untrusted. As a result, most software currently uses various ways to defend malware attacks. However, these approaches not only raise the complexity of the software but also fail to offer an engrained security solution. The focal point in the software protection battle is how to protect effectively versus how to conceal the protector from untrusted OSes. This paper describes a lightweight, transparent and flexible architecture framework called HBSP (Hypervisor Based Software Protector)for software protection. HBSP, which is based on hardware virtualization extension technology such as Intel VT, and by taking advantage of Memory-Hiding strategy, resides completely outside of the target OS environment. Our security analysis and the performance experiment results demonstrate that HBSP effectively protects applications running on unmodified Windows XP, while the total overhead is only 0.25% in average.