DOI: 10.1145/2150976.2151022

Architectural support for hypervisor-secure virtualization

Published: 03 March 2012

Abstract

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization - a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer's specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the microprocessor and memory management units. Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.
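As an added illustration (not code from the paper or its authors), the following toy model captures the access-control split the abstract describes: the hypervisor assigns physical pages to VMs, but once a VM's protections are latched the hypervisor can no longer read or write those pages, and device DMA is denied where the customer asked for it. The protection bits, requester names and API are constructed for this example; the real CIP table encoding is not given on this page.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Prot(Flag):
    """Per-page protection bits (constructed; not the paper's real encoding)."""
    NONE = 0
    DENY_HV = auto()   # hypervisor may not read or write the page
    DENY_DMA = auto()  # devices may not DMA to or from the page


@dataclass
class CipTable:
    """Hardware-held table: physical page number -> (owning VM, protection)."""
    entries: dict = field(default_factory=dict)

    def assign(self, ppn: int, vm: str, prot: Prot) -> None:
        """Hypervisor maps a page to a VM at creation; protection is latched with it."""
        if ppn in self.entries:
            raise PermissionError(f"page {ppn:#x} already owned by {self.entries[ppn][0]}")
        self.entries[ppn] = (vm, prot)

    def allowed(self, requester: str, ppn: int) -> bool:
        """Check by the MMU ('hv' or a VM name) and IOMMU ('dma') on every access."""
        if ppn not in self.entries:
            return requester in ("hv", "dma")   # free pages stay hypervisor-managed
        owner, prot = self.entries[ppn]
        if requester == "hv":
            return Prot.DENY_HV not in prot
        if requester == "dma":
            return Prot.DENY_DMA not in prot
        return requester == owner                # a guest sees only its own pages


def demo() -> dict:
    """Two tenants; 'hv' stands for a hypervisor compromised by the malicious VM."""
    cip = CipTable()
    cip.assign(0x10, "victim", Prot.DENY_HV | Prot.DENY_DMA)  # fully protected
    cip.assign(0x30, "victim", Prot.DENY_HV)                  # I/O buffer: DMA allowed
    cip.assign(0x20, "malicious", Prot.NONE)                  # tenant asked for nothing
    return {
        "victim_reads_own": cip.allowed("victim", 0x10),
        "hv_reads_victim": cip.allowed("hv", 0x10),          # blocked
        "dma_reads_victim": cip.allowed("dma", 0x10),        # blocked
        "dma_reads_io_buffer": cip.allowed("dma", 0x30),     # allowed by tenant's spec
        "malicious_reads_victim": cip.allowed("malicious", 0x10),
        "hv_reads_malicious": cip.allowed("hv", 0x20),       # unprotected by choice
        "hv_reads_free_page": cip.allowed("hv", 0x40),       # still managed by hv
    }
```

The model also shows the point the abstract makes about management: the hypervisor keeps full control of unassigned memory and of page assignment, only the contents of protected guest pages are off limits.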



    Published In

    ASPLOS XVII: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
    March 2012, 476 pages
    ISBN: 9781450307598
    DOI: 10.1145/2150976

    • ACM SIGARCH Computer Architecture News, Volume 40, Issue 1 (ASPLOS '12), March 2012, 453 pages. ISSN: 0163-5964. DOI: 10.1145/2189750
    • ACM SIGPLAN Notices, Volume 47, Issue 4 (ASPLOS '12), April 2012, 453 pages. ISSN: 0362-1340, EISSN: 1558-1160. DOI: 10.1145/2248487
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery, New York, NY, United States


    Author Tags

    1. attestation
    2. cloud computing
    3. computer architecture
    4. confidentiality
    5. hardware security
    6. hypervisor
    7. integrity
    8. security
    9. trust evidence
    10. virtualization

    Qualifiers

    • Research-article

    Conference

    ASPLOS'12

    Acceptance Rates

    Overall Acceptance Rate 535 of 2,713 submissions, 20%

    Article Metrics

    • Downloads (Last 12 months)83
    • Downloads (Last 6 weeks)12
    Reflects downloads up to 26 Nov 2024

    Cited By

    • (2024) A Security Model for Virtual Machine Rollback in Cloud Environments. Computer Science and Application, 14(06):196-207. DOI: 10.12677/csa.2024.146156. Published 2024.
    • (2023) Integration of the Internet of Things and Cloud. International Journal of Cloud Applications and Computing, 13(1):1-30. DOI: 10.4018/IJCAC.325624. Published 10 July 2023.
    • (2022) MGX. Proceedings of the 49th Annual International Symposium on Computer Architecture, pages 726-741. DOI: 10.1145/3470496.3527418. Published 18 June 2022.
    • (2022) SoftVN. Proceedings of the 49th Annual International Symposium on Computer Architecture, pages 160-172. DOI: 10.1145/3470496.3527378. Published 18 June 2022.
    • (2021) Compositional Defence of Application Privacy in Resistant to Physical and Software Attacks in Untrusted Cloud Environment. International Journal of Engineering and Advanced Technology, 10(6):70-78. DOI: 10.35940/ijeat.F3024.0810621. Published 30 August 2021.
    • (2021) Practical and Scalable Security Verification of Secure Architectures. Proceedings of the 10th International Workshop on Hardware and Architectural Support for Security and Privacy, pages 1-9. DOI: 10.1145/3505253.3505256. Published 18 October 2021.
    • (2021) Common Counters: Compressed Encryption Counters for Secure GPU Memory. 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA), pages 1-13. DOI: 10.1109/HPCA51647.2021.00011. Published March 2021.
    • (2020) (Mostly) Exitless VM protection from untrusted hypervisor through disaggregated nested virtualization. Proceedings of the 29th USENIX Conference on Security Symposium, pages 1695-1712. DOI: 10.5555/3489212.3489308. Published 12 August 2020.
    • (2020) Secure Attestation of Virtualized Environments. ICT Systems Security and Privacy Protection, pages 203-216. DOI: 10.1007/978-3-030-58201-2_14. Published 14 September 2020.
    • (2019) Protecting cloud virtual machines from commodity hypervisor and host operating system exploits. Proceedings of the 28th USENIX Conference on Security Symposium, pages 1357-1374. DOI: 10.5555/3361338.3361433. Published 14 August 2019.
