Delusional boot: securing hypervisors without massive re-engineering

Authors: Anh Nguyen, Himanshu Raj, Shravan Rayanchu, Stefan Saroiu, Alec Wolman

DOI: 10.1145/2168836.2168851

Keywords: Booting; Hardware virtualization; Hypervisor; Virtual machine; Virtualization; Embedded system; Operating system; Computer science; Cloud computing; Reboot; Storage hypervisor

Abstract: The set of virtual devices offered by a hypervisor to its guest VMs is a virtualization component ripe with security exploits -- more than half of all vulnerabilities of today's hypervisors are found in this codebase. This paper presents Min-V, a hypervisor that disables all virtual devices not critical to running VMs in the cloud. Of the remaining devices, Min-V takes a step further and eliminates all remaining functionality not needed for the cloud.

To implement Min-V, we had to overcome an obstacle: the boot process of many commodity OSes depends on legacy virtual devices absent from our hypervisor. Min-V introduces delusional boot, a mechanism that allows guest VMs running commodity OSes to boot successfully without developers having to re-engineer the initialization code of these OSes, as well as the BIOS and pre-OS (e.g., bootloader) code. We evaluate Min-V and demonstrate that our security improvements incur no performance overhead except for a small delay during reboot of a guest VM. Our reliability tests show that Min-V is able to run unmodified Linux and Windows OSes on top of this minimal virtualization interface.
