Abstract
In cloud computing, the security of the infrastructure is determined by the design of the hypervisor (or Virtual Machine Monitor, VMM). Unfortunately, in recent years, many attacks have been developed to compromise the hypervisor, taking over all virtual machines running above it. Because of the functions a hypervisor provides, it is very hard to reduce its size, and including a big hypervisor in the Trusted Computing Base (TCB) is not acceptable for a secure system design. Several secure, small, and innovative hypervisor designs, e.g., TrustVisor, CloudVisor, etc., have been proposed to solve the problem. However, these designs either have reduced functionality or impose strong restrictions on the virtual machines. In this paper, we propose an innovative hypervisor design that splits the hypervisor's functions into a component small enough to be in the TCB and other components that provide full functionality. Our design can significantly reduce the TCB size without sacrificing functionality. Our experiments also show that the costs of our design are acceptable.
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pan, W., Zhang, Y., Yu, M., Jing, J. (2012). Improving Virtualization Security by Splitting Hypervisor into Smaller Components. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_23
DOI: https://doi.org/10.1007/978-3-642-31540-4_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31539-8
Online ISBN: 978-3-642-31540-4
eBook Packages: Computer Science (R0)