DOI: 10.1145/2155620.2155652 (ACM conference proceedings, MICRO)

Architectural support for secure virtualization under a vulnerable hypervisor

Published: 03 December 2011

Abstract

Although cloud computing has emerged as a promising future computing model, security concerns due to malicious tenants have been deterring its fast adoption. In cloud computing, multiple tenants may share physical systems by using virtualization techniques. In such a virtualized system, a software hypervisor creates virtual machines (VMs) from the physical system and provides each user with an isolated VM. However, the hypervisor, with full control over hardware resources, can access the memory pages of guest VMs without any restriction. By compromising the hypervisor, a malicious user can access the memory contents of the VMs used by other users.
In this paper, we propose a hardware-based mechanism to protect the memory of guest VMs from unauthorized accesses, even with an untrusted hypervisor. With this mechanism, memory isolation is provided by the secure hardware, which is much less vulnerable than the software hypervisor. The proposed mechanism extends the current hardware support for memory virtualization at a small extra hardware cost. The hypervisor can still flexibly allocate physical memory pages to virtual machines for efficient resource management. However, the hypervisor can update nested page tables only through the secure hardware mechanism, which verifies each mapping change. Using this hardware-based mechanism to secure guest VMs under a vulnerable hypervisor in each system, this paper also proposes a cloud system architecture that supports the authenticated launch and migration of guest VMs.
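The abstract's central idea is that the hypervisor may still choose which machine page backs which guest page, but every nested-page-table update must pass through hardware that checks it. The following is an added toy model of that check, written for this page; it is not the paper's H-SVM design or code. It assumes a simple policy (a per-page ownership table, rejection of any mapping that would hand one VM's page to another, and scrubbing of a page before it becomes free); the class and function names are inventions for the illustration.

```python
"""Toy model of hardware-verified nested page table updates.

Added illustration, not the paper's design: a 'secure MMU' keeps an
ownership table per machine page and accepts or rejects each mapping
change the (untrusted) hypervisor requests. The policy below is an
assumption made for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

PAGE_SIZE = 16          # tiny pages keep the toy readable
FREE = None             # owner value for an unallocated machine page


class MappingDenied(Exception):
    """Raised when the hardware check rejects a hypervisor request."""


@dataclass
class SecureMMU:
    num_pages: int
    # machine page number -> owning VM id (or FREE)
    owner: Dict[int, Optional[int]] = field(default_factory=dict)
    # vm id -> {guest physical page -> machine page}
    nested_pt: Dict[int, Dict[int, int]] = field(default_factory=dict)
    # machine page number -> page contents, standing in for DRAM
    memory: Dict[int, bytes] = field(default_factory=dict)

    def __post_init__(self) -> None:
        for mpn in range(self.num_pages):
            self.owner[mpn] = FREE
            self.memory[mpn] = b"\x00" * PAGE_SIZE

    def map_page(self, vm: int, gpn: int, mpn: int) -> None:
        """Hypervisor request: back guest page gpn of vm with machine page mpn.

        Accepted only if mpn is free or already owned by the same VM, so a
        compromised hypervisor cannot map one tenant's page into another
        tenant's nested page table."""
        if mpn not in self.owner:
            raise MappingDenied(f"machine page {mpn} does not exist")
        current = self.owner[mpn]
        if current is not FREE and current != vm:
            raise MappingDenied(f"machine page {mpn} is owned by VM {current}")
        if current is FREE:
            # first hand-over to this VM: scrub any residual data
            self.memory[mpn] = b"\x00" * PAGE_SIZE
            self.owner[mpn] = vm
        self.nested_pt.setdefault(vm, {})[gpn] = mpn

    def unmap_page(self, vm: int, gpn: int) -> None:
        """Hypervisor reclaims guest page gpn from vm.

        The page is cleared before it becomes free, so whichever VM gets it
        next cannot read the previous owner's data."""
        pt = self.nested_pt.get(vm, {})
        if gpn not in pt:
            raise MappingDenied(f"VM {vm} has no mapping for guest page {gpn}")
        mpn = pt.pop(gpn)
        if mpn not in pt.values():          # no other alias by the same VM
            self.memory[mpn] = b"\x00" * PAGE_SIZE
            self.owner[mpn] = FREE

    def guest_write(self, vm: int, gpn: int, data: bytes) -> None:
        mpn = self._translate(vm, gpn)
        self.memory[mpn] = data.ljust(PAGE_SIZE, b"\x00")[:PAGE_SIZE]

    def guest_read(self, vm: int, gpn: int) -> bytes:
        return self.memory[self._translate(vm, gpn)]

    def _translate(self, vm: int, gpn: int) -> int:
        try:
            return self.nested_pt[vm][gpn]
        except KeyError:
            raise MappingDenied(f"VM {vm} has no mapping for guest page {gpn}")


def demo() -> dict:
    """Constructed scenario: VM 1 stores a secret, the hypervisor tries to
    give that page to VM 2, then legitimately reclaims and reuses it."""
    mmu = SecureMMU(num_pages=4)
    mmu.map_page(vm=1, gpn=0, mpn=2)
    mmu.guest_write(1, 0, b"tenant-1 secret")
    try:
        mmu.map_page(vm=2, gpn=0, mpn=2)    # cross-VM mapping attempt
        cross_vm_mapping = "allowed"
    except MappingDenied:
        cross_vm_mapping = "denied"
    mmu.unmap_page(1, 0)                    # proper reclaim scrubs the page
    mmu.map_page(vm=2, gpn=0, mpn=2)
    return {"cross_vm_mapping": cross_vm_mapping,
            "reused_page": mmu.guest_read(2, 0)}


if __name__ == "__main__":
    print(demo())
```

The point of the model is that the hypervisor keeps full freedom over allocation (it picks `mpn`) while losing the ability to create a mapping the hardware has not validated, which is the split the abstract describes.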




Published In

MICRO-44: Proceedings of the 44th Annual IEEE/ACM International Symposium on Microarchitecture
December 2011, 519 pages
ISBN: 9781450310536
DOI: 10.1145/2155620
Conference Chair: Carlo Galuzzi
General Chair: Luigi Carro
Program Chairs: Andreas Moshovos, Milos Prvulovic

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: Research-article

Conference: MICRO-44

Acceptance rate: overall 484 of 2,242 submissions, 22%

Article Metrics

• Downloads (last 12 months): 23
• Downloads (last 6 weeks): 2
Reflects downloads up to 06 Jan 2025

Cited By

• (2022) Next-Generation Optimization Models and Algorithms in Cloud and Fog Computing Virtualization Security. Scientific Programming, vol. 2022. DOI: 10.1155/2022/2419291. Online publication date: 1-Jan-2022.
• (2022) Security Issues and Defenses in Virtualization. Proceedings of International Conference on Information Technology and Applications, pages 605-617. DOI: 10.1007/978-981-16-7618-5_52. Online publication date: 21-Apr-2022.
• (2021) Quantify Co-Residency Risks in the Cloud Through Deep Learning. IEEE Transactions on Dependable and Secure Computing, 18(4):1568-1579. DOI: 10.1109/TDSC.2020.3032073. Online publication date: 1-Jul-2021.
• (2021) Common Counters: Compressed Encryption Counters for Secure GPU Memory. 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 1-13. DOI: 10.1109/HPCA51647.2021.00011. Online publication date: Feb-2021.
• (2020) (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization. Proceedings of the 29th USENIX Conference on Security Symposium, pages 1695-1712. DOI: 10.5555/3489212.3489308. Online publication date: 12-Aug-2020.
• (2020) Secure Your Cloud Workloads with IBM Secure Execution for Linux on IBM z15 and LinuxONE III. IBM Journal of Research and Development, 64(5/6):2:1-2:11. DOI: 10.1147/JRD.2020.3008109. Online publication date: Sep-2020.
• (2020) SEVurity: No Security Without Integrity: Breaking Integrity-Free Memory Encryption with Minimal Assumptions. 2020 IEEE Symposium on Security and Privacy (SP), pages 1483-1496. DOI: 10.1109/SP40000.2020.00080. Online publication date: May-2020.
• (2020) Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX. 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA), pages 776-789. DOI: 10.1109/ISCA45697.2020.00069. Online publication date: May-2020.
• (2020) Stackelberg Model with MFO to Mitigate Co-RDoS Threats in Cloud Servers. 2020 4th International Conference on Intelligent Computing and Control Systems (ICICCS), pages 1170-1177. DOI: 10.1109/ICICCS48265.2020.9121149. Online publication date: May-2020.
• (2019) Protecting Cloud Virtual Machines from Commodity Hypervisor and Host Operating System Exploits. Proceedings of the 28th USENIX Conference on Security Symposium, pages 1357-1374. DOI: 10.5555/3361338.3361433. Online publication date: 14-Aug-2019.
