Requirements for an integrity-protected hypervisor on the x86 hardware virtualized architecture

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6101 LNCS, Issue , 2010, Pages 141-165

  Vasudevan, Amit ^a   McCune, Jonathan M ^a   Qu, Ning ^b   Van Doorn, Leendert ^c   Perrig, Adrian ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b NVIDIA   (United States)

^c ADVANCED MICRO DEVICES   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

FUNDAMENTAL PROPERTIES; HARDWARE PLATFORM; HYPERVISOR; RESEARCH AGENDA; SECRECY PROPERTIES; SECURITY PROBLEMS; VIRTUALIZATIONS;

EID: 77954726625     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-13869-0_10     Document Type: Conference Paper

References (51)

1. Elevated privileges. CVE-2007-4993 (2007)
2. Multiple integer overflows allow execution of arbitrary code. CVE-2007-5497 (2007)
3. The CPU hardware emulation does not properly handle the Trap flag. CVE-2008-4915 (under review) (2008)
4. Directory traversal vulnerability in the shared folders feature. CVE-2008-0923 (under review) (2008)
5. Multiple buffer overflows in openwsman allow remote attackers to execute arbitrary code. CVE-2008-2234 (2008)
6. AMD64 virtualization: Secure virtual machine architecture reference manual. AMD Publication no. 33047 rev. 3.01 (2005)
7. Anderson, J.P.: Computer security technology planning study. Technical Report ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom AFB (1972)
8. Boileau, A.: Hit by a bus: Physical access attacks with firewire. RuxCon (2006)
9. Bratus, S., D'Cunha, N., Sparks, E., Smith, S.W.: TOCTOU, traps, and trusted computing. In: Proc. Conference on Trusted Computing and Trust in Information Technologies, TRUST (2008)
10. Budruk, R., Anderson, D., Shanley, T.: PCI Express System Architecture. Addison-Wesley, Reading (2004)
11. Datta, A., Franklin, J., Garg, D., Kaynar, D.: A logic of secure systems and its applications to trusted computing. In: Proc. IEEE Symposium on Security and Privacy (2009)
12. Duflot, L., Levillain, O., Morin, B., Grumelard, O.: Getting into the SMRAM: SMM reloaded. In: Central Directorate for Information Systems Security (2009)
13. Findeisen, R.: Buggy south bridge in HP dc5750. Personal communication (April 2008)
14. Franklin, J., Seshadri, A., Qu, N., Chaki, S., Datta, A.: Attacking, repairing, and verifying SecVisor: A retrospective on the security of a hypervisor. CMU Cylab Technical Report CMU-CyLab-08-008 (2008)
15. Härtig, H., Hohmuth, M., Liedtke, J., Schönberg, S., Wolter, J.: The performance of microkernel-based systems. In: Proceedings of the ACM Symposium on Operating Systems Principles (SOSP) (October 1997)
16. Heasman, J.: Implementing and detecting a PCI rootkit. NGSSoftware Insight Security Research (2006)
17. Heasman, J.: Implementing and detecting an ACPI BIOS rootkit. Black Hat USA (2006)
18. Heasman, J.: Hacking the extensible firware interface. Black Hat USA (2007)
19. Heiser, G., Elphinstone, K., Kuz, I., Klein, G., Petters, S.M.: Towards trustworthy computing systems: Taking microkernels to the next level. In: Proc. ACM Operating Systems Review (2007)
20. Hewlett-Packard, et al.: Advanced configuration and power interface specification. Revision 3.0b (October 2006)
21. Intel virtualization technology specification for the IA-32 Intel architecture. Intel Publication no. C97063-002 (April 2005)
22. Intel trusted execution technology - measured launched environment developer's guide. Document no. 315168-005 (June 2008)
23. Intel Corporation. The extensible firmware interface specification (2002), http://www.intel.com/technology/efi/
24. International Organization for Standardization. Information technology - Security techniques - evaluation criteria for IT security - Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements. ISO/IEC 15408-1, 15408-2, 15408-3 (1999)
25. Karger, P.A.: Multi-level security requirements for hypervisors. In: Proc. Annual Computer Security Applications Conference (ACSAC) (December 2005)
26. Kauer, B.: OSLO: Improving the security of Trusted Computing. In: Proc. USENIX Security Symposium (August 2007)
27. Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: Formal verification of an OS kernel. In: Proc. SOSP (2009)
28. Microsoft. Microsoft technet MS08-067: Vulnerability in server service could allow remote code execution (2008)
29. Microsoft. Hyper-V architecture. Microsoft Developers Network (2009)
30. Popek, G.J., Goldberg, R.P.: Formal requirements for virtualizable third generation architectures. ACM Comm. 17 (1974)
31. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proc. ACM Conference on Computer and Communications Security, CCS (2009)
32. Robin, J.S., Irvine, C.E.: Analysis of the Intel Pentium's ability to support a secure virtual machine monitor. In: Proc. USENIX Security Symposium (2000)
33. Roscoe, T., Elphinstone, K., Heiser, G.: Hype and virtue. In: Proc. HotOS Workshop (May 2007)
34. Rutkowska, J.: Subverting Vista kernel for fun and profit. SyScan and Black Hat Presentations (2006)
35. Sacco, A.L., Ortega, A.A.: Persistent BIOS infection. Core Security Technologies (2009)
36. Saltzer, J., Schroeder, M.: The protection of information in computer systems. Proc. IEEE 63(9), 1278-1308 (1975)
37. SecuriTeam. Opteron exposed: Reverse engineering AMD K8 microcode updates. SecuriTeam Security Reviews (2004)
38. Seshadri, A., Luk, M., Shi, E., Perrig, A., VanDoorn, L., Khosla, P.: Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In: Proc. SOSP (2005)
39. Sheshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: Proc. SOSP (2007)
40. tboot. Trusted boot (2009), http://sourceforge.net/projects/tboot/
41. P. Technologies. Phoenix securecore (2009), http://www.phoenix.com
42. tpmdd-devel. TPM driver problem on GM45. TPM Device Driver Mailing List (December 2008)
43. Trusted Computing Group. PC client specific TPM interface specification (TIS). Ver. 1.2, Rev. 1.0 (July 2005)
44. Trusted Computing Group. Trusted platform module main specification, Part 1: Design principles, Part 2: TPM structures, Part 3: Commands. Version 1.2, Revision 103 (July 2007)
45. VMware. VMware ESX server system architecture (2009), http://www.vmware.com/support/esx21/doc/esx21-admin-system-architecture.html
46. VMware Communities. ESX 3.5 or Xen 4.1? (2008), http://communities. vmware.com/message/900657
47. Wojtczuk, R.: Detecting and preventing the Xen hypervisor subversions. Invisible Things Lab (2008)
48. Wojtczuk, R.: Subverting the Xen hypervisor. Invisible Things Lab (2008)
49. Wojtczuk, R., Rutkowska, J.: Xen Owning trilogy. Invisible Things Lab (2008)
50. Wojtczuk, R., Rutkowska, J.: Attacking SMM memory via Intel CPU cache poisoning. Invisible Things Lab (2009)
51. XenSource. Xen architecture overview. Version 1.2 (February 2008)