Although system virtualization is not a new paradigm, the way in which it is used in modern system architectures provides a powerful platform for system building, the advantages of which have only been realized in recent years, as a result of the rapid deployment of commodity hardware and software systems. In principle, virtualization involves the use of an encapsulating software layer (Hypervisor or Virtual Machine Monitor) which surrounds or underlies an operating system and provides the same inputs, outputs, and behavior that would be expected from an actual physical device. This abstraction means that an ideal Virtual Machine Monitor provides an environment to the software equivalent to the host system, but which is decoupled from the hardware state. Because a virtual machine is not dependent on the state of the physical hardware, multiple virtual machines may be installed on a single set of hardware. The decoupling of physical and logical states gives virtualization inherent security benefits. However, the design, implementation, and deployment of virtualization technology have also opened up novel threats and security issues which, while not particular to system virtualization, take on new forms in relation to it. Reverse engineering becomes easier due to introspection capabilities, as encryption keys, security algorithms, low-level protection, intrusion detection, or antidebugging measures can become more easily compromised. Furthermore, associated technologies such as virtual routing and networking can create challenging issues for security, intrusion control, and associated forensic processes. We explain the security considerations and some associated methodologies by which security breaches can occur, and offer recommendations for how virtualized environments can best be protected. Finally, we offer a set of generalized recommendations that can be applied to achieve secure virtualized implementations.