The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Linux Journal
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
GBDE: GEOM based disk encryption
BSDC'03 Proceedings of the BSD Conference 2003 on BSD Conference
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
VirtualBox: bits and bytes masquerading as machines
Linux Journal
Linux Journal
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
ACM Transactions on Information and System Security (TISSEC)
HIMA: A Hypervisor-Based Integrity Measurement Agent
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A Practical Approach to Improve the Data Privacy of Virtual Machines
CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology
Network Booting: Preboot Execution Environment, Bootstrap Protocol, Netboot, Gpxe, Remote Initial Program Load
Proceedings of the 18th ACM conference on Computer and communications security
| Hi-index | 0.00 |
To prevent data breaches, many organizations deploy full disk encryption to their computers. While OS-based encryption is widely accepted in practical situations, hypervisor-based encryption offers significant advantages such as OS independence and providing more secure environments. Unfortunately, the initial deployment cost of hypervisor-based encryption systems is rarely discussed. In this paper, we present a hypervisor-based encryption scheme that allows instant deployment of full disk encryption into existing systems without disturbing user's activities. To avoid waiting for encryption to be completed, hypervisors perform background encryption that does not incur significant performance penalty on guest OSs by carefully watching guest OS activities and moderating the degree of encryption speed. Our scheme does not require conversion of disk images or modification of OS configurations to install hypervisors by exploiting BitVisor, a thin hypervisor for enforcing security, that can be easily injected to existing systems. Our experimental results on Windows 7 show that application benchmark scores are not significantly affected by the background encryption and the overhead on sequential disk access throughput is at most 24%. The throughput of our background encryption is comparable to that of existing OS-based background encryption systems.