Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
CertiKOS: a certified kernel for secure cloud computing
Proceedings of the Second Asia-Pacific Workshop on Systems
SP 800-145. The NIST Definition of Cloud Computing
SP 800-145. The NIST Definition of Cloud Computing
| Hi-index | 0.00 |
We introduce a novel cloud computing architecture that ensures privacy for guest's information and computation. In conventional cloud architecture, a security policy proposed by a provider only ensured the protection of guest's information. This enabled malicious operators to steal or modify guest's information. Our architecture protects guest's information with novel memory management function of hypervisor from malicious operators. Cloud computing generally relies on virtualization, and VMM or hypervisor maintains page table for interfering VM's memory accesses, which is called shadow page table. Our hypervisor regulates memory accesses by management VM by adding a authority bit to shadow page table entry. Our architecture also prohibits a theft of guest's information when it is stored in storage by encrypting data when they leave memory.