AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Proceedings of the workshop on virtual computer systems
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Intel Virtualization Technology
Computer
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Reducing TCB complexity for security-sensitive applications: three case studies
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Towards trustworthy computing systems: taking microkernels to the next level
ACM SIGOPS Operating Systems Review
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
How low can you go?: recommendations for hardware-supported minimal TCB code execution
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Privilege separation made easy: trusting small libraries not big processes
Proceedings of the 1st European Workshop on System Security
Virtual machines jailed: virtualization in systems with small trusted computing bases
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
ACPI: Design Principles and Concerns
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Dynamics of a Trusted Platform: A Building Block Approach
Dynamics of a Trusted Platform: A Building Block Approach
The cake is a lie: privilege rings as a policy resource
Proceedings of the 1st ACM workshop on Virtual machine security
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
| Hi-index | 0.00 |
In this paper we explore how recent advances in virtualisation support for commodity hardware could be utilised to reduce the Trusted Computing Base (TCB) and improve the code separation of a hypervisor. To achieve this, we reassess on the definition of the TCB and illustrate how segregation of different code blocks could be enforced by hardware protection mechanisms. We argue that many software-based efforts in TCB reduction and separation can benefit from utilising those hardware capabilities.