BitVisor: a thin hypervisor for enforcing i/o device security

Authors:
Takahiro Shinagawa;Hideki Eiraku;Kouichi Tanimoto;Kazumasa Omote;Shoichi Hasegawa;Takashi Horie;Manabu Hirano;Kenichi Kourai;Yoshihiro Oyama;Eiji Kawai;Kenji Kono;Shigeru Chiba;Yasushi Shinjo;Kazuhiko Kato
Affiliations:
University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;Japan Advanced Institute of Science and Technology, Nomi, Ishikawa, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;Toyota National College of Technology, Toyota, Aichi, Japan;Kyushu Institute of Technology, Kitakyushu, Fukuoka, Japan;University of Electro-Communications, Chofu, Tokyo, Japan;Nara Institute of Science and Technology, Ikoma, Nara, Japan;Keio University, Yokohama, Kanagawa, Japan;Tokyo Institute of Technology, Meguro, Tokyo, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan;University of Tsukuba, Tsukuba, Ibaraki, Japan
Venue:
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Year:
2009

Citing 20
Cited 20

Soft timers: efficient microsecond software timer support for network processing

Proceedings of the seventeenth ACM symposium on Operating systems principles
An empirical study of operating systems errors

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
When Virtual Is Better Than Real

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Devirtualizable virtual machines enabling general, single-node, online maintenance

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
HyperSpector: virtual distributed monitoring environments for secure intrusion detection

Proceedings of the 1st ACM/USENIX international conference on Virtual execution environments
Using VMM-based sensors to monitor honeypots

Proceedings of the 2nd international conference on Virtual execution environments
Reducing TCB complexity for security-sensitive applications: three case studies

Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
High performance VMM-bypass I/O in virtual machines

ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
A secure environment for untrusted helper applications confining the Wily Hacker

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
lmbench: portable tools for performance analysis

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Concurrent Direct Network Access for Virtual Machine Monitors

HPCA '07 Proceedings of the 2007 IEEE 13th International Symposium on High Performance Computer Architecture
Using hypervisor to provide data secrecy for user applications on a per-page basis

Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
VMM-based hidden process detection and identification using Lycosid

Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Improving Xen security through disaggregation

Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
The design and implementation of microdrivers

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems

Defeating return-oriented rootkits with "Return-Less" kernels

Proceedings of the 5th European conference on Computer systems
NOVA: a microhypervisor-based secure virtualization architecture

Proceedings of the 5th European conference on Computer systems
Hypervisor-based prevention of persistent rootkits

Proceedings of the 2010 ACM Symposium on Applied Computing
Ally: OS-transparent packet inspection using sequestered cores

WIOV'10 Proceedings of the 2nd conference on I/O virtualization
VASP: virtualization assisted security monitor for cross-platform protection

Proceedings of the 2011 ACM Symposium on Applied Computing
Operating system interface obfuscation and the revealing of hidden operations

DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
DriverGuard: a fine-grained protection on I/O flows

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Breaking up is hard to do: security and functionality in a commodity hypervisor

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization

SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Hello rootKitty: a lightweight invariance-enforcing framework

ISC'11 Proceedings of the 14th international conference on Information security
Ally: OS-Transparent Packet Inspection Using Sequestered Cores

Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Hypervisor-based protection of sensitive files in a compromised system

Proceedings of the 27th Annual ACM Symposium on Applied Computing
Detecting malware signatures in a thin hypervisor

Proceedings of the 27th Annual ACM Symposium on Applied Computing
Hypervisor-based background encryption

Proceedings of the 27th Annual ACM Symposium on Applied Computing
Transparent VPN failure recovery with virtualization

Future Generation Computer Systems
Virtualization based password protection against malware in untrusted operating systems

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Separation virtual machine monitors

Proceedings of the 28th Annual Computer Security Applications Conference
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows

ACM Transactions on Information and System Security (TISSEC)
Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture

Frontiers of Computer Science: Selected Publications from Chinese Universities
An architecture for concurrent execution of secure environments in clouds

Proceedings of the 2013 ACM workshop on Cloud computing security workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.