Hypervisor-based fault tolerance
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
ACM SIGOPS Operating Systems Review
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors
Proceedings of the 11th workshop on ACM SIGOPS European workshop
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Live migration of virtual machines
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Microreboot — A technique for cheap recovery
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Improving Xen security through disaggregation
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Remus: high availability via asynchronous virtual machine replication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Wedge: splitting applications into reduced-privilege compartments
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Improving performance by embedding HPC applications in lightweight Xen domains
Proceedings of the 2nd workshop on System-level virtualization for high performance computing
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Microsoft Virtualization with Hyper-V
Microsoft Virtualization with Hyper-V
FAWN: a fast array of wimpy nodes
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
NOVA: a microhypervisor-based secure virtualization architecture
Proceedings of the 5th European conference on Computer systems
Analyzing the energy efficiency of a database server
Proceedings of the 2010 ACM SIGMOD International Conference on Management of data
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
Difference engine: harnessing memory redundancy in virtual machines
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Satori: enlightened page sharing
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Using functional programming within an industrial product group: perspectives and perceptions
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
ReHype: enabling VM survival across hypervisor failures
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
A case for secure and scalable hypervisor using safe language
Proceedings of the 2012 International Workshop on Programming Models and Applications for Multicores and Manycores
Isolating commodity hosted hypervisors with HyperLock
Proceedings of the 7th ACM european conference on Computer Systems
Delusional boot: securing hypervisors without massive re-engineering
Proceedings of the 7th ACM european conference on Computer Systems
Virtual switching without a hypervisor for a more secure cloud
Hot-ICE'12 Proceedings of the 2nd USENIX conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services
Secure lazy provisioning of virtual desktops to a portable storage device
Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date
Proceedings of the 2012 ACM conference on Computer and communications security
Auditing cloud management using information flow tracking
Proceedings of the seventh ACM workshop on Scalable trusted computing
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Unikernels: library operating systems for the cloud
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Towards verifiable resource accounting for outsourced computation
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
VirtuOS: an operating system with kernel virtualization
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Unikernels: the rise of the virtual library operating system
Communications of the ACM
Unikernels: Rise of the Virtual Library Operating System
Queue - Distributed Computing
Shrinking the hypervisor one subsystem at a time: a userspace packet switch for virtual machines
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.02 |
Cloud computing uses virtualization to lease small slices of large-scale datacenter facilities to individual paying customers. These multi-tenant environments, on which numerous large and popular web-based applications run today, are founded on the belief that the virtualization platform is sufficiently secure to prevent breaches of isolation between different users who are co-located on the same host. Hypervisors are believed to be trustworthy in this role because of their small size and narrow interfaces. We observe that despite the modest footprint of the hypervisor itself, these platforms have a large aggregate trusted computing base (TCB) that includes a monolithic control VM with numerous interfaces exposed to VMs. We present Xoar, a modified version of Xen that retrofits the modularity and isolation principles used in micro-kernels onto a mature virtualization platform. Xoar breaks the control VM into single-purpose components called service VMs. We show that this componentized abstraction brings a number of benefits: sharing of service components by guests is configurable and auditable, making exposure to risk explicit, and access to the hypervisor is restricted to the least privilege required for each component. Microrebooting components at configurable frequencies reduces the temporal attack surface of individual components. Our approach incurs little performance overhead, and does not require functionality to be sacrificed or components to be rewritten from scratch.