Improving IPC by kernel design
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The performance of μ-kernel-based systems
Proceedings of the sixteenth ACM symposium on Operating systems principles
Disco: running commodity operating systems on scalable multiprocessors
Proceedings of the sixteenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Intel Virtualization Technology
Computer
A comparison of software and hardware techniques for x86 virtualization
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Construction of a Highly Dependable Operating System
EDCC '06 Proceedings of the Sixth European Dependable Computing Conference
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Debugging operating systems with time-traveling virtual machines
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Live migration of virtual machines
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Unmodified device driver reuse and improved system dependability via virtual machines
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Splitting interfaces: making trust between applications and operating systems configurable
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Accelerating two-dimensional page walks for virtualized systems
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Virtual machines jailed: virtualization in systems with small trusted computing bases
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Taming subsystems: capabilities as universal resource access control in L4
Proceedings of the Second Workshop on Isolation and Integration in Embedded Systems
The multikernel: a new OS architecture for scalable multicore systems
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Automatic device driver synthesis with termite
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Reverse engineering of binary device drivers with RevNIC
Proceedings of the 5th European conference on Computer systems
The OKL4 microvisor: convergence point of microkernels and hypervisors
Proceedings of the first ACM asia-pacific workshop on Workshop on systems
A light-weight virtual machine monitor for Blue Gene/P
Proceedings of the 1st International Workshop on Runtime and Operating Systems for Supercomputers
What if you could actually trust your kernel?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
ORK+/XtratuM: an open partitioning platform for Ada
Ada-Europe'11 Proceedings of the 16th Ada-Europe international conference on Reliable software technologies
Rounding pointers: type safe capabilities with C++ meta programming
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Delivering secure applications on commercial mobile devices: the case for bare metal hypervisors
Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Hardware-supported virtualization on ARM
Proceedings of the Second Asia-Pacific Workshop on Systems
Isolating commodity hosted hypervisors with HyperLock
Proceedings of the 7th ACM european conference on Computer Systems
Delusional boot: securing hypervisors without massive re-engineering
Proceedings of the 7th ACM european conference on Computer Systems
CheapBFT: resource-efficient byzantine fault tolerance
Proceedings of the 7th ACM european conference on Computer Systems
Proceedings of the 9th conference on Computing Frontiers
Hypervisor-based protection of sensitive files in a compromised system
Proceedings of the 27th Annual ACM Symposium on Applied Computing
A lightweight virtual machine monitor for Blue Gene/P
International Journal of High Performance Computing Applications
VM aware journaling: improving journaling file system performance in virtualization environments
Software—Practice & Experience
kGuard: lightweight kernel protection against return-to-user attacks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Operating system support for redundant multithreading
Proceedings of the tenth ACM international conference on Embedded software
Flattening hierarchical scheduling
Proceedings of the tenth ACM international conference on Embedded software
Proceedings of the 2012 ACM conference on Computer and communications security
Trusted VM snapshots in untrusted cloud infrastructures
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
Enhancing the OS against security threats in system administration
Proceedings of the 13th International Middleware Conference
RapiLog: reducing system complexity through verification
Proceedings of the 8th ACM European Conference on Computer Systems
A survey of security issues in hardware virtualization
ACM Computing Surveys (CSUR)
Enabling fast, dynamic network processing with clickOS
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Frontiers of Computer Science: Selected Publications from Chinese Universities
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
From L3 to seL4 what have we learnt in 20 years of L4 microkernels?
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
Towards a scalable microkernel personality for multicore processors
Euro-Par'13 Proceedings of the 19th international conference on Parallel Processing
KVM/ARM: the design and implementation of the linux ARM hypervisor
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
Comprehensive formal verification of an OS microkernel
ACM Transactions on Computer Systems (TOCS)
Shrinking the hypervisor one subsystem at a time: a userspace packet switch for virtual machines
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
| Hi-index | 0.00 |
The availability of virtualization features in modern CPUs has reinforced the trend of consolidating multiple guest operating systems on top of a hypervisor in order to improve platform-resource utilization and reduce the total cost of ownership. However, today's virtualization stacks are unduly large and therefore prone to attacks. If an adversary manages to compromise the hypervisor, subverting the security of all hosted operating systems is easy. We show how a thin and simple virtualization layer reduces the attack surface significantly and thereby increases the overall security of the system. We have designed and implemented a virtualization architecture that can host multiple unmodified guest operating systems. Its trusted computing base is at least an order of magnitude smaller than that of existing systems. Furthermore, on recent hardware, our implementation outperforms contemporary full virtualization environments.