Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Memory resource management in VMware ESX server
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Proceedings of the 11th ACM conference on Computer and communications security
Architecture for Protecting Critical Secrets in Microprocessors
Proceedings of the 32nd annual international symposium on Computer Architecture
The Build Master: Microsoft's Software Configuration Management Best Practices
The Build Master: Microsoft's Software Configuration Management Best Practices
Self-migration of operating systems
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
A novel cache architecture with enhanced performance and security
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
KvmSec: a security extension for Linux kernel virtual machines
Proceedings of the 2009 ACM symposium on Applied Computing
Fully homomorphic encryption using ideal lattices
Proceedings of the forty-first annual ACM symposium on Theory of computing
Efficient Hardware Architecture of SHA-256 Algorithm for Trusted Mobile Computing
Information Security and Cryptology
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
WISA'07 Proceedings of the 8th international conference on Information security applications
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
Secure Virtual Machine Execution under an Untrusted Management OS
CLOUD '10 Proceedings of the 2010 IEEE 3rd International Conference on Cloud Computing
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
Requirements for an integrity-protected hypervisor on the x86 hardware virtualized architecture
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
SASP '10 Proceedings of the 2010 IEEE 8th Symposium on Application Specific Processors (SASP)
The turtles project: design and implementation of nested virtualization
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing
ICDCSW '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems Workshops
Systematic Design of RSA Processors Based on High-Radix Montgomery Multipliers
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Hardware-enhanced access control for cloud computing
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Verifying security invariants in ExpressOS
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Security Verification of Hardware-enabled Attestation Protocols
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
Proceedings of the ACM International Conference on Computing Frontiers
CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM
Proceedings of the 40th Annual International Symposium on Computer Architecture
Hi-index | 0.00 |
Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization - a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer's specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the microprocessor and memory management units. Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.