NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing
ICDCSW '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems Workshops
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
Cloudoscopy: services discovery and topology mapping
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Future trustworthy computer systems should provide built-in support for at least the cornerstone security properties of confidentiality, integrity and availability. Access control can help significantly towards achieving this. However, in today's computing landscape, traditional access control implemented only in software may be either insufficient or non-optimal. We discuss some of these situations. Furthermore, fine-grained access control and usage control mechanisms implemented in software are themselves subject to attack, and may impose heavy performance overheads. Can new hardware architecture improve the security achievable by software mechanisms for access control and usage control? If so, what types of hardware support are most useful while retaining the flexibility of software protection mechanisms? What can software do to help hardware achieve the best results? With the trend towards Cloud Computing, we discuss how new hardware architectural features for cloud servers can help protect the confidentiality and integrity of a cloud customer's code and data in his leased Virtual Machines -- even when the powerful underlying hypervisor may be compromised. This uses a new, non-bypassable form of hardware access control. Without requiring new hardware, we can also leverage the hardware trend towards manycore chips, and the already available hardware virtualization features, to enhance Cloud Security -- but with a few restrictions and some new software support. In general, we would like to motivate collaborations between the software security and the hardware architecture communities to explore software-hardware co-design for security. What comes beyond access control in cloud computing and mobile computing ecosystems? The goal is to design future trustworthy systems that provide security protections, at the levels needed, when needed, even with malware in the system.