Improving Xen security through disaggregation

VEE'08 - Proceedings of the 4th International Conference on Virtual Execution Environments

Volumn , Issue , 2008, Pages 151-160

  Murray, Derek Gordon ^a   Milos, Grzegorz ^a   Hand, Steven ^a  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

Author keywords

Disaggregation; Trusted computing base; Virtual machines

Indexed keywords

DISAGGREGATION; HYPERVISOR; OPERATING SYSTEMS; SECURITY ANALYSIS; TRUSTED COMPUTING; TRUSTED COMPUTING BASE; VIRTUAL MACHINE MONITORS; VIRTUAL MACHINES; VIRTUALISATION;

COMPUTER OPERATING SYSTEMS;

NETWORK SECURITY;

EID: 77952329878     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1346256.1346278     Document Type: Conference Paper

References (36)

1. R. Aigner. DICE User's Manual. Technical report, Technische Universität Dresden, 2007. http://os.inf.tu-dresden.de/ dice/manual.pdf.
2. M. J. Anderson, M. Moffie, and C. I. Dalton. Towards Trustworthy Virtualisation Environments: Xen Library OS Security Service Infrastructure. Technical Report HPL-2007-2069, Hewlett-Packard Development Company, L.P., April 2007.
3. W. Arbaugh, D. Farber, and J. Smith. A secure and reliable bootstrap architecture. Proceedings of the 1997 IEEE Symposium on Security and Privacy, 1997.
4. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. In Proceedings of the nineteenth ACM symposium on operating systems principles, pages 164-177. ACM Press New York, NY, USA, 2003.
5. V. R. Basili and B. T. Perricone. Software errors and complexity: an empirical investigation. Commun. ACM, 27(1):42-52, 1984.
6. M. Ben-Yehuda, J. Mason, O. Krieger, J. Xenidis, L. V. Doom, A. Mallick, J. Nakajima, and E. Wahlig. Utilizing IOMMUs for Virtualization in Linux and Xen. In Proceedings of the 2006 Ottawa Linux Symposium, 2006.
7. S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doom. vTPM: virtualizing the trusted platform module. In Proceedings of the 15th USENIX Security Symposium, pages 21-21, Berkeley, CA, USA, 2006. USENIX Association.
8. A. Birrell and B. Nelson. Implementing remote procedure calls. ACM Transactions on Computer Systems, 2(1):39-59, 1984.
9. M. Bishop and M. Dilger. Checking for race conditions in file accesses. Computing Systems, 9(2):131-152, Spring 1996.
10. P. M. Chen and B. D. Noble. When virtual is better than real. In Proceedings of the 8th Workshop on Hot Topics in Operating Systems, page 133, Washington, DC, USA, 2001. IEEE Computer Society.
11. T. Dierks and C. Allen. The TLS Protocol Version 1.0. RFC 2246, IETF, Jan. 1999.
12. L. Duflot, D. Etiemble, and O. Grumelard. Using CPU System Management Mode to Circumvent Operating System Security Functions. In Proceedings of the 7th CanSecWest conference, 2001.
13. N. Feske and C. Helmuth. A nitpicker's guide to a minimalcomplexity secure GUI. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 85-94, Washington, DC, USA, 2005. IEEE Computer Society.
14. K. Fraser, S. Hand, R. Neugebauer, I. Pratt, A. Warfield, and M. Williamson. Safe hardware access with the Xen virtual machine monitor. In Proceedings of the 1st Workshop on Operating System and Architectural Support for the on demand IT Infrastructure, 2004.
15. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In Proceedings of the 19th ACM Symposium on Operating Systems Principles, pages 193-206. ACM Press New York, NY, USA, 2003.
16. B. Gleeson, A. Lin, J. Heinanen, G. Armitage, and A. Malis. A Framework for IP Based Virtual Private Networks. RFC 2764, IETF, Feb. 2000.
17. M. Hohmuth, M. Peter, H. Härtig, and J. Shapiro. Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors. In Proceedings of the 11th ACM SIGOPS European workshop: beyond the PC. ACM Press New York, NY, USA, 2004.
18. B. Kauer. OSLO: Improving the Security of Trusted Computing. In Proceedings of the 16th USENIX Security Symposium. USENIX Association, 2007.
19. S. Kent and K. Seo. Security Architecture for the Internet Protocol. RFC 4301, IETF, Dec. 2005.
20. D. Kuhlmann, R. Landfermann, H. Ramasamy, M. Schunter, G. Ramunno, and D. Vernizzi. An Open Trusted Computing Architecture: Secure virtual machines enabling user-defined policy enforcement. Technical report, OpenTC consortium, 2006. https://secure.opentc.net/otc-HighLevelOverview/OTC-Architecture.High- level.overview.pdf.
21. J. Liedtke. On micro-kernel construction. ACM SIGOPS Operating Systems Review, 29(5):237-250, 1995.
22. Microsoft Corporation. BitLocker Drive Encryption, 2007. http : //technet.microsoft.com/en-us/windowsvista/aa905065. aspx.
23. National Institute of Standards and Technology. An Introduction to Computer Security: the NIST Handbook. Technical Report 800-812, National Institute of Standards and Technology, October 1995.
24. T. J. Ostrand and E. J. Weyuker. The distribution of faults in a large industrial software system. SIGSOFT Softw. Eng. Notes, 27(4):55-64, 2002.
25. N. Provos, M. Friedl, and P. Honeyman. Preventing privilege escalation. In Proceedings of the 12th USENIX Security Symposium, pages 16-16, Berkeley, CA, USA, 2003. USENIX Association.
26. D. Reed, I. Pratt, P. Menage, S. Early, and N. Stratford. Xenoservers: Accountable execution of untrusted programs. In Proceedings of the 7th Workshop on Hot Topics in Operating Systems, page 136, Washington, DC, USA, 1999. IEEE Computer Society.
27. L. Reuther, V. Uhlig, and R. Aigner. Component Interfaces in a Microkernel-based System. In Proceedings of the 3rd Workshop on System Design Automation (SDA), March 2000.
28. R. Sailer, X. Zhang, T. Jaeger, and L. van Doom. Design and Implementation of a TCG-based Integrity Measurement Architecture. In Proceedings of the 13th USENIX Security Symposium, pages 223-238, 2004.
29. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, Berkeley, CA, USA, 2001. USENIX Association.
30. L. Singaravelu, C. Pu, H. Hartig, and C. Helmuth. Reducing TCB complexity for security-sensitive applications: Three case studies. In Proceedings of EuroSys 2006, 2006.
31. A. Tanenbaum, J. Herder, and H. Bos. Can we make operating systems reliable and secure? Computer, 39(5):44-51, 2006.
32. (Unattributed). dm-crypt - a device-mapper crypto target, 2007. http://www.saout.de/misc/dm-crypt/.
33. (Unattributed). TPM Main Part 1 Design Principles. Technical report, Trusted Computing Group, 2007. https://www. trustedcomputinggroup.org/specs/TPM/ mainP1DPrev103. zip.
34. D. A. Wheeler. SLOCCount, 2007. http://www.dwheeler.com/ sloccount/.
35. XenSource. XenApi - Xen Wiki, 2007. http://wiki.xensource. com/xenwiki/XenApi.
36. X. Zhang, S. McIntosh, P. Rohatgi, and J. Griffin. XenSocket: A high-throughput interdomain transport for VMs. In Proceedings of Middleware 2007, Secaucus, NJ, USA, 2007. Springer-Verlag New York, Inc.