Eliminating the hypervisor attack surface for a more secure cloud

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2011, Pages 401-412

  Szefer, Jakub ^a   Keller, Eric ^a   Lee, Ruby B ^a   Rexford, Jennifer ^a  

^a PRINCETON UNIVERSITY   (United States)

Author keywords

Attack vectors; Hardware security; Hypervisor security; Multicore; Secure cloud computing; Virtualization

Indexed keywords

ATTACK VECTOR; HARDWARE SECURITY; HYPERVISOR; MULTI CORE; SECURE CLOUD COMPUTING; VIRTUALIZATIONS;

BENCHMARKING; COMPUTER HARDWARE; COMPUTER OPERATING SYSTEMS; COMPUTER SYSTEM FIREWALLS; SECURITY OF DATA; USER INTERFACES; VIRTUAL REALITY; WEB SERVICES;

CLOUD COMPUTING;

EID: 80755169480     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2046707.2046754     Document Type: Conference Paper

References (35)

1. ab - Apache HTTP server benchmarking tool. http://httpd.apache.org/docs/ 2.0/programs/ab.html.
2. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2A: Instruction Set Reference, A-M, page 274. http://www.intel.com/products/ processor/manuals/.
3. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2. http://www.intel.com/products/processor/ manuals/.
4. Intel Corporation: Intel Virtualization Technology for Directed I/O. http://download.intel.com/technology/itj/2006/v10i3/v10-i3-art02.pdf.
5. iPXE: Open Source Boot Firmware. http://ipxe.org/.
6. National Vulnerability Database, CVE and CCE Statistics Query Page. http://web.nvd.nist.gov/view/vuln/statistics.
7. PCI SIG: PCI-SIG Single Root I/O Virtualization. http://www.pcisig.com/ specifications/iov/single-root/.
8. Understanding Memory Resource Management in VMware ESX Server. VMWare White Paper. 2009. www.vmware.com/files/pdf/perf-vsphere-memory-management.pdf.
9. A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: Enabling stealthy in-context measurement of hypervisor integrity. In ACM Conference on Computer and Communications Security (CCS), pages 38-49, October 2010.
10. D. Champagne and R. B. Lee. Scalable architectural support for trusted software. In IEEE International Symposium on High Performance Computer Architecture (HPCA), pages 1-12, Jan. 2010.
11. C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield. Live migration of virtual machines. In 2nd Symposium on Networked Systems Design and Implementation (NSDI), 2005.
12. J. Dwoskin and R. B. Lee. Hardware-rooted trust for secure key management and transient trust. In ACM Conference on Computer and Communications Security (CCS), Oct. 2007.
13. D. R. Engler, M. F. Kaashoek, and J. O'Toole. Exokernel: An operating system architecture for application-level resource management. In Symposium on Operating Systems Principles (SOSP), December 1995.
14. F. Gens. IT cloud services user survey, pt.2: Top benefits & challenges, Oct. 2008. http://blogs.idc.com/ie/?p=210.
15. J. L. Henning. SPEC CPU2006 benchmark descriptions. SIGARCH Comput. Archit. News, 34:1-17, September 2006.
16. E. Keller, J. Szefer, J. Rexford, and R. B. Lee. NoHype: Virtualized cloud infrastructure without the virtualization. In International Symposium on Computer Architecture (ISCA), June 2010.
17. J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side channel cryptanalysis of product ciphers. In J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, editors, Computer Security: ESORICS 98, volume 1485 of Lecture Notes in Computer Science, pages 97-110. 1998. (Pubitemid 128135767)
18. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In Symposium on Operating Systems Principles (SOSP), pages 207-220, October 2009.
19. T. Kooburat and M. Swift. The best of both worlds with on-demand virtualization. In Workshop on Hot Topics in Operating Systems (HotOS), May 2011.
20. M. A. Kozuch, M. Kaminsky, and M. P. Ryan. Migration without virtualization. In Workshop on Hot Topics in Operating Systems (HotOS), May 2009.
21. R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang. Architecture for protecting critical secrets in microprocessors. In International Symposium on Computer Architecture (ISCA), June 2005.
22. I. Leslie, D. McAuley, R. Black, T. Roscoe, P. Barham, D. Evers, R. Fairbairns, and E. Hyden. The design and implementation of an operating system to support distributed multimedia applications. IEEE Journal on Selected Areas in Communication, 14(7), Sept. 1996.
23. C. Li, A. Raghunathan, and N. K. Jha. Secure virtual machine execution under an untrusted management OS. In Proceedings of the Conference on Cloud Computing (CLOUD), July 2010.
24. D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural support for copy and tamper resistant software. In Architectural Support for Programming Languages and Operating Systems (ASPLOS), November 2000.
25. D. E. Lowell, Y. Saito, and E. J. Samberg. Devirtualizable virtual machines enabling general, single-node, online maintenance. In Architectural Support for Programming Languages and Operating Systems (ASPLOS), October 2004.
26. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE Symposium on Security and Privacy, pages 143-158, May 2010.
27. K. Z. Meth and J. Satran. Design of the iSCSI protocol. In IEEE Symposium on Mass Storage Systems, April 2003.
28. T. Moscibroda and O. Mutlu. Memory performance attacks: Denial of memory service in multi-core systems. In Proceedings of USENIX Security Symposium, August 2007.
29. L. Parziale, E. L. Alves, E. M. Dow, K. Egeler, J. J. Herne, C. Jordan, E. P. Naveen, M. S. Pattabhiraman, and K. Smith. Introduction to the new mainframe: z/VM basics, Nov. 2007. http://www.redbooks.ibm.com/redbooks/pdfs/ sg247316.pdf.
30. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In ACM Conference on Computer and Communications Security (CCS), November 2009.
31. R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. V. Doorn, J. L. Griffin, S. Berger, R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. Doorn, J. Linwood, and G. S. Berger. sHype: Secure hypervisor approach to trusted virtualized systems. Technical Report RC23511, IBM Research, 2005.
32. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. SIGOPS Oper. Syst. Rev., 41(6):335-350, December 2007. (Pubitemid 351429386)
33. U. Steinberg and B. Kauer. NOVA: A microhypervisor-based secure virtualization architecture. In European Conference on Computer Systems, April 2010.
34. G. E. Suh, C. W. O'Donnell, I. Sachdev, and S. Devadas. Design and implementation of the AEGIS single-chip secure processor using physical random functions. In International Symposium on Computer Architecture (ISCA), June 2005.
35. Z. Wang and X. Jiang. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In IEEE Symposium on Security and Privacy, pages 380-395, May 2010.