Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Memory resource management in VMware ESX server
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Architecture for Protecting Critical Secrets in Microprocessors
Proceedings of the 32nd annual international symposium on Computer Architecture
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions
Proceedings of the 32nd annual international symposium on Computer Architecture
New cache designs for thwarting software cache-based side channel attacks
Proceedings of the 34th annual international symposium on Computer architecture
Live migration of virtual machines
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Hardware-rooted trust for secure key management and transient trust
Proceedings of the 14th ACM conference on Computer and communications security
Stall-Time Fair Memory Access Scheduling for Chip Multiprocessors
Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
The cost of a cloud: research problems in data center networks
ACM SIGCOMM Computer Communication Review
A novel cache architecture with enhanced performance and security
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Towards trusted cloud computing
HotCloud'09 Proceedings of the 2009 conference on Hot topics in cloud computing
Migration without virtualization
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
The best of both worlds with on-demand virtualization
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Breaking up is hard to do: security and functionality in a commodity hypervisor
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
RepCloud: achieving fine-grained cloud TCB attestation with reputation systems
Proceedings of the sixth ACM workshop on Scalable trusted computing
An exploration of L2 cache covert channels in virtualized environments
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Ally: OS-Transparent Packet Inspection Using Sequestered Cores
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
ELI: bare-metal performance for I/O virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Architectural support for secure virtualization under a vulnerable hypervisor
Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture
Delusional boot: securing hypervisors without massive re-engineering
Proceedings of the 7th ACM european conference on Computer Systems
Proceedings of the 9th conference on Computing Frontiers
Virtual switching without a hypervisor for a more secure cloud
Hot-ICE'12 Proceedings of the 2nd USENIX conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services
Group-Based memory deduplication for virtualized clouds
Euro-Par'11 Proceedings of the 2011 international conference on Parallel Processing - Volume 2
Hardware-enhanced access control for cloud computing
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Icebergs in the clouds: the other risks of cloud computing
HotCloud'12 Proceedings of the 4th USENIX conference on Hot Topics in Cloud Ccomputing
Plugging side-channel leaks with timing information flow control
HotCloud'12 Proceedings of the 4th USENIX conference on Hot Topics in Cloud Ccomputing
Improving virtualization security by splitting hypervisor into smaller components
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Separation virtual machine monitors
Proceedings of the 28th Annual Computer Security Applications Conference
A lightweight VMM on many core for high performance computing
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A survey of security issues in hardware virtualization
ACM Computing Surveys (CSUR)
Characterizing hypervisor vulnerabilities in cloud computing servers
Proceedings of the 2013 international workshop on Security in cloud computing
HSG-LM: hybrid-copy speculative guest OS live migration without hypervisor
Proceedings of the 6th International Systems and Storage Conference
Efficient and secure data storage operations for mobile cloud computing
Proceedings of the 8th International Conference on Network and Service Management
The nonkernel: a kernel designed for the cloud
Proceedings of the 4th Asia-Pacific Workshop on Systems
Frontiers of Computer Science: Selected Publications from Chinese Universities
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
Proceedings of the 4th ACM conference on Data and application security and privacy
Group-based memory oversubscription for virtualized clouds
Journal of Parallel and Distributed Computing
Hi-index | 0.00 |
Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization -- so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be "no hype" since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.