A case for hardware protection of guest VMs from compromised hypervisors in cloud computing

Proceedings - International Conference on Distributed Computing Systems

Volumn , Issue , 2011, Pages 248-252

  Szefer, Jakub ^a   Lee, Ruby B ^a  

^a Princeton University   (United States)

Author keywords

Hardware security; Hypervisors; Security architectures; virtual machines

Indexed keywords

COMPUTING MODEL; CONFIDENTIAL DATA; HARDWARE MECHANISM; HARDWARE PROTECTION; HARDWARE SECURITY; HYPERVISORS; INTEGRAL PART; MALICIOUS CODES; MULTI CORE; RESEARCH DIRECTIONS; SECURITY ARCHITECTURE; SYSTEM MANAGEMENT SOFTWARE; VIRTUAL MACHINES; VIRTUALIZATIONS;

COMPUTER SYSTEMS; OPERATING COSTS; RESEARCH; VIRTUAL REALITY;

CLOUD COMPUTING;

EID: 80052421239     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICDCSW.2011.51     Document Type: Conference Paper

References (21)

1. Amazon EC2. http://aws.amazon.com/ec2/.
2. AMD Virtualization (AMD-V) Technology. http://sites.amd.com/us/ business/it-solutions/virtualization/Pages/amd-v.aspx.
3. Intel Corporation: Intel Virtualization Technology for Directed I/O. http: //download.intel.com/technology/itj/2006/v10i3/v10-i3-art02.pdf.
4. Intel Virtualization Technology. http://www.intel.com/technology/itj/ 2006/v10i3/1-hardware/6-vt-x-vt-i-solutions.htm.
5. PCI SIG: PCI-SIG Single Root I/O Virtualization. http://www.pcisig.com/ specifications/iov/single root/.
6. Vulnerability Summary for CVE-2007-4993. http://web.nvd.nist.gov/view/ vuln/detail?vulnId=CVE-2007-4993.
7. D. Champagne and R. Lee. Scalable architectural support for trusted software. In High Performance Computer Architecture (HPCA), 2010 IEEE 16th International Symposium on, pages 1-12, 2010.
8. J. S. Dwoskin and R. B. Lee. Hardware-rooted trust for secure key management and transient trust. In Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, pages 389-400, New York, NY, USA, 2007. ACM.
9. E. Keller, J. Szefer, J. Rexford, and R. B. Lee. NoHype: virtualized cloud infrastructure without the virtualization. In Proceedings of the 37th annual international symposium on Computer architecture, ISCA '10, pages 350-361, New York, NY, USA, 2010. ACM.
10. M. A. Kozuch, M. Kaminsky, and M. P. Ryan. Migration without virtualization. In 12th Workshop on Hot Topics in Operating Systems (HotOS), 2009.
11. R. B. Lee, P. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for protecting critical secrets in microprocessors. pages 2-13, Madison, Wisconsin, USA, June 2005.
12. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. SIGPLAN Not., 35:168-177, November 2000. (Pubitemid 32470896)
13. T. Ormandy. An empirical study into the security exposure to hosts of hostile virtualized environments. CanSecWest Applied Security Conference, 2007.
14. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pages 199-212, New York, NY, USA, 2009. ACM.
15. K. Shimizu, H. P. Hofstee, and J. S. Liberty. Cell broadband engine processor vault security architecture. IBM Journal of Research and Development, 51(5):521-528, 2007. (Pubitemid 350031352)
16. S. W. Smith and D. Safford. Practical server privacy with secure coprocessors. IBM Systems Journal, 40(3):683-695, 2001. (Pubitemid 32933425)
17. G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. Aegis: architecture for tamper-evident and tamper-resistant processing. In Proceedings of the 17th annual international conference on Supercomputing, ICS '03, pages 160-171, New York, NY, USA, 2003. ACM.
18. Z. Wang and X. Jiang. Hypersafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In Security and Privacy (SP), 2010 IEEE Symposium on, pages 380-395, May 2010.
19. Z. Wang, X. Jiang, W. Cui, and P. Ning. Countering kernel rootkits with lightweight hook protection. In CCS '09: Proceedings of the 16th ACM conference on Computer and communications security, pages 545-554, New York, NY, USA, 2009. ACM.
20. Z. Wang and R. B. Lee. A novel cache architecture with enhanced performance and security. In Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture, MICRO 41, pages 83-93, Washington, DC, USA, 2008. IEEE Computer Society.
21. R. Wojtczuk. Subverting the Xen hypervisor. Black Hat USA, 2008.