Requirements for an integrity-protected hypervisor on the x86 hardware virtualized architecture

Authors:
Amit Vasudevan;Jonathan M. McCune;Ning Qu;Leendert Van Doorn;Adrian Perrig
Affiliations:
CyLab, Carnegie Mellon University, Pittsburgh, PA;CyLab, Carnegie Mellon University, Pittsburgh, PA;Nvidia Corp., Santa Clara, CA;Advanced Micro Devices Corp., Austin, TX;CyLab, Carnegie Mellon University, Pittsburgh, PA
Venue:
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Year:
2010

Citing 14
Cited 3

The performance of μ-kernel-based systems

Proceedings of the sixteenth ACM symposium on Operating systems principles
Formal requirements for virtualizable third generation architectures

Communications of the ACM
PCI Express System Architecture

PCI Express System Architecture
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems

Proceedings of the twentieth ACM symposium on Operating systems principles
Multi-Level Security Requirements for Hypervisors

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Analysis of the Intel Pentium's ability to support a secure virtual machine monitor

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Towards trustworthy computing systems: taking microkernels to the next level

ACM SIGOPS Operating Systems Review
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Hype and virtue

HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
OSLO: improving the security of trusted computing

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
TOCTOU, Traps, and Trusted Computing

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
A Logic of Secure Systems and its Application to Trusted Computing

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
seL4: formal verification of an OS kernel

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Proceedings of the 16th ACM conference on Computer and communications security

Architectural support for hypervisor-secure virtualization

ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
acTvSM: a dynamic virtualization platform for enforcement of application integrity

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Virtualization: Issues, security threats, and solutions

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.01

Visualization

Abstract

Virtualization has been purported to be a panacea for many security problems. We analyze the feasibility of constructing an integrity-protected hypervisor on contemporary x86 hardware that includes virtualization support, observing that without the fundamental property of hypervisor integrity, no secrecy properties can be achieved. Unfortunately, we find that significant issues remain for constructing an integrity-protected hypervisor on such hardware. Based on our analysis, we describe a set of necessary rules that must be followed by hypervisor developers and users to maintain hypervisor integrity. No current hypervisor we are aware of adheres to all the rules. No current x86 hardware platform we are aware of even allows for the construction of an integrity-protected hypervisor. We provide a perspective on secure virtualization and outline a research agenda for achieving truly secure hypervisors.