Proceedings ArticleDOI
BitVisor: a thin hypervisor for enforcing i/o device security
Takahiro Shinagawa,Hideki Eiraku,Kouichi Tanimoto,Kazumasa Omote,Shoichi Hasegawa,Takashi Horie,Manabu Hirano,Kenichi Kourai,Yoshihiro Oyama,Eiji Kawai,Kenji Kono,Shigeru Chiba,Yasushi Shinjo,Kazuhiko Kato +13 more
- pp 121-130
TLDR
A hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by thehypervisor.Abstract:
Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs.This paper introduces a hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs.We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.read more
Citations
More filters
Proceedings ArticleDOI
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
Zhi Wang,Xuxian Jiang +1 more
TL;DR: This paper presents HyperSafe, a lightweight approach that endows existing Type-I bare-metal hypervisors with a unique self-protection capability to provide lifetime control flow integrity and shows HyperSafe can reliably enable the hypervisor self- protection and provide the integrity guarantee with a small performance overhead.
Proceedings ArticleDOI
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
TL;DR: This paper proposes a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM.
Proceedings ArticleDOI
NOVA: a microhypervisor-based secure virtualization architecture
Udo Steinberg,Bernhard Kauer +1 more
TL;DR: This work has designed and implemented a virtualization architecture that can host multiple unmodified guest operating systems that outperforms contemporary full virtualization environments and reduces the attack surface significantly and thereby increases the overall security of the system.
Patent
Secure Network Cloud Architecture
TL;DR: In this article, the authors describe an approach for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud, through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and monitored through a series of interactions building upon a root of trust.
Proceedings ArticleDOI
Defeating return-oriented rootkits with "Return-Less" kernels
TL;DR: This approach recognizes the hallmark of return-oriented rootkits, i.e., the ret instruction, and accordingly aims to completely remove them in a running OS kernel, and developed a LLVM-based prototype and used it to generate a return-less FreeBSD kernel.
References
More filters
Journal ArticleDOI
Xen and the art of virtualization
Paul Barham,Boris Dragovic,Keir Fraser,Steven Hand,Tim Harris,Alex Ho,Rolf Neugebauer,Ian Pratt,Andrew Warfield +8 more
TL;DR: Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource managed fashion, but without sacrificing either performance or functionality, considerably outperform competing commercial and freely available solutions.
Journal ArticleDOI
The protection of information in computer systems
TL;DR: In this article, the authors explore the mechanics of protecting computer-stored information from unauthorized use or modification, focusing on those architectural structures-whether hardware or software-that are necessary to support information protection.
Journal ArticleDOI
Terra: a virtual machine-based platform for trusted computing
TL;DR: A flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware, is presented.
Proceedings Article
lmbench: portable tools for performance analysis
Larry McVoy,Carl Staelin +1 more
TL;DR: lmbench is a micro-benchmark suite designed to focus attention on the basic building blocks of many common system applications, such as databases, simulations, software development, and networking.
Journal ArticleDOI
Intel virtualization technology
Richard Uhlig,Gilbert Neiger,D. Rodgers,Amy L. Santoni,F.C.M. Martins,Andrew V. Anderson,Steven M. Bennett,Alain Kagi,Felix Leung,Lawrence Beaverton Smith +9 more
TL;DR: Once confined to specialized, proprietary, high-end server and mainframe systems, virtualization is now becoming more broadly available and is supported in off-the-shelf systems based on Intel architecture (IA) hardware.