Virtualization is fundamental to cloud computing because it allows multiple operating systems to run simultaneously on a physical machine. However, it also brings a range of security/privacy problems. One particularly challenging and important problem is: how can we protect the Virtual Machines (VMs) from being attacked by Virtual Machine Monitors (VMMs) and/or by the cloud vendors when they are not trusted? In this paper, we propose an architectural solution to the above problem in multi-processor cloud environments. Our key idea is to exploit hardware mechanisms to enforce access control over the shared resources (e.g., memory spaces), while protecting VM memory integrity as well as inter-processor communications and data sharing. We evaluate the solution using full-system emulation and cycle-based architecture models. Experiments based on 20 benchmark applications show that the performance overhead is 1.5%–10% when access control is enforced, and 9%–19% when VM memory is encrypted.