A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud
2014
Journal of Computers
Preserved Fulltext
In this paper, we first make an analysis of the potential threats to a commodity hypervisor, and then propose architecture to build a more trustworthy executing environment for IaaS cloud. ...
The main ideas of our architecture are: removing interaction between hypervisor and the exposed executing environment, enhancing platform data secrecy as well as providing feature rich environment attestation ...
ACKNOWLEDGMENT We would like to thank Pilar Howard, Cancan Wang and all other anonymous reviewers for their comments and suggestions. ...
doi:10.4304/jcp.9.10.2303-2314
fatcat:vtvemobhqfc5rofsylxpvnizem
Experience Report: An Analysis of Hypercall Handler Vulnerabilities
2014
2014 IEEE 25th International Symposium on Software Reliability Engineering
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
and securing these interfaces. ...
As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls ...
ACKNOWLEDGMENT This work is a part of the RELATE project, which is supported by the European Commission under the Seventh Framework Programme FP7 with Grant Agreement No. 264840ITN. ...
doi:10.1109/issre.2014.24
dblp:conf/issre/MilenkoskiPAVK14
fatcat:imlr2a6iindplafabdvpprj66e
Virtualizing mixed-criticality systems: A survey on industrial trends and issues
2021
Future generations computer systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:
2021 pre-print arXiv:2112.06875v1 fatcat:4wbdbs6ixvcnlb4g5inlwzaj7i
Virtualization is gaining attraction in the industry as it promises a flexible way to integrate, manage, and re-use heterogeneous software components with mixed-criticality levels, on a shared hardware ...
In particular, we analyze how different virtualization approaches and solutions can impact isolation guarantees and testing/certification activities, and how they deal with dependability challenges. ...
The seL4 [70, 71] is a formal-verified microkernel designed to be used in security-and safety-critical systems. ...
doi:10.1016/j.future.2021.12.002
fatcat:4q277etxfjewlpmkjcn7by42pm
Isolating commodity hosted hypervisors with HyperLock
2012
Proceedings of the 7th ACM european conference on Computer Systems - EuroSys '12
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We have built a proof-ofconcept HyperLock prototype to confine the popular KVM hypervisor on Linux. ...
Specifically, we provide a secure hypervisor isolation runtime with its own separated address space and a restricted instruction set for safe execution. ...
This work was supported in part by the US Army Research Office (ARO) under grant W911NF-08-1-0105 managed by NCSU Secure Open Systems Initiative (SOSI) and the US National Science Foundation (NSF) under ...
doi:10.1145/2168836.2168850
dblp:conf/eurosys/WangWGJ12
fatcat:3u4aiaef3fhzhg5pasjsfg6s2i
T-Visor: A Hypervisor for Mixed Criticality Embedded Real-time System with Hardware Virtualization Support
[article]
2018
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
We present the design and implementation of T-Visor, a hypervisor specialized for mixed criticality embedded real-time systems. ...
From these results, we conclude that our design and implementation are more suitable for embedded real-time systems than the existing hypervisors. ...
KVM is a Type-2 hypervisor. KVM is available on ARM architecture with Virtualization Extensions [6] . ...
arXiv:1810.05068v1
fatcat:gx3ftsrmavefflzqtcajq3ry7e
Virtual CPU validation
2015
Proceedings of the 25th Symposium on Operating Systems Principles - SOSP '15
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Testing the hypervisor is important for ensuring the correct operation and security of systems, but it is a hard and challenging task. ...
We thus propose to apply the testing environment of CPU vendors to hypervisors. We demonstrate the advantages of our proposal by adapting Intel's testing facility to the Linux KVM hypervisor. ...
Acknowledgments We thank Paolo Bonzini from Redhat and our shepherd Andrew Baumann. The research leading to the results presented in this paper was partially supported by: the Israel Science ...
doi:10.1145/2815400.2815420
dblp:conf/sosp/AmitTSAS15
fatcat:edvb3verxreihawmtqj6sl55qm
Mitigating vulnerability windows with hypervisor transplant
2021
Proceedings of the Sixteenth European Conference on Computer Systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
It involves temporarily replacing the current datacenter hypervisor (e.g., Xen) which is subject to a critical security flaw, by a different hypervisor (e.g., KVM) which is not subject to the same vulnerability ...
ABSTRACT The vulnerability window of a hypervisor regarding a given security flaw is the time between the identification of the flaw and the integration of a correction/patch in the running hypervisor. ...
Thanks to Mar Callau-Zori and Christophe Hubert from 3DS Outscale, Cody Hammock from Chameleon Cloud, Simon Delamare from Grid'5000 and the Xen security team for your insights. ...
doi:10.1145/3447786.3456235
fatcat:w7qmcg6ftraldjvr5bnse2rmhu
A Survey of Mobile Device Virtualization
2016
ACM Computing Surveys
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
Moreover, various performance parameters are presented in a detailed comparative analysis to quantify the efficiency of mobile virtualization techniques and solutions. ...
Mobile virtualization enables multiple persona on a single mobile device by hosting heterogeneous operating systems concurrently. ...
Microkernel based paravirtualization techniques focus on small kernel size so that the mobile hypervisor has a smaller memory footprint and can be formally verified for security. ...
doi:10.1145/2897164
fatcat:htenyu2vlzfg3dv2czs2mdvi7q
The Dual-Execution-Environment Approach: Analysis and Comparative Evaluation
[chapter]
2015
IFIP Advances in Information and Communication Technology
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
For instance, we find that bare-metal hypervisors are ill-adapted to provide high assurance security even though they might improve the overall security level of the system. ...
Results are consistent and explain some hidden and unexpected properties of each technology. ...
It builds on KVM and leverages existing infrastructure in the Linux kernel. KVM/ARM is a hosted bare-metal hypervisor, where the hypervisor is integrated with a host kernel. ...
doi:10.1007/978-3-319-18467-8_37
fatcat:ptha3ok5ovhrffoec4ghhrrs54
WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection. ...
We propose WELES, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. WELES is transparent to the VM configuration and setup. ...
For the Linux kernel and QEMU, we calculated code that is compiled with our custom configuration, i.e., Linux kernel with support for IMA and KVM, and QEMU with support for gnutls, TPM and KVM. ...
arXiv:2104.14862v1
fatcat:df5i2n4x25fu7oqvoxdm5ei3ae
Embedded Systems Development Tools: A MODUS-oriented Market Overview
2014
Business Systems Research
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Results: This paper presents a MODUS-oriented market analysis in the domains of Formal Verification tools, HW/SW co-simulation tools, Software Performance Optimization tools and Code Generation tools. ...
Methods/Approach: Embedded applications normally demand high resilience and quality, as well as conformity to quality standards and rigid performance. ...
In fact, several embedded hypervisor vendors offer a formally verified hypervisor and guarantee their bug-free operation. ...
doi:10.2478/bsrj-2014-0001
fatcat:x2yblzjbrrf2rh5bg3j76injuu
Nanovised Control Flow Attestation
2022
Applied Sciences
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system "C-FLAT Linux". ...
We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. ...
The hypervisor can maintain a key to verify the signature and ensure that the lower privilege level code cannot access the key. ...
doi:10.3390/app12052669
fatcat:olkezgx25jbpdajaukmtvx2ho4
Dynamic VM Dependability Monitoring Using Hypervisor Probes
2015
2015 11th European Dependable Computing Conference (EDCC)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
To demonstrate the usefulness of this framework, we present three sample detectors: an emergency detector for a security vulnerability, an application watchdog, and an infinite-loop detector. ...
This paper introduces hprobes, a framework that allows one to dynamically monitor applications and operating systems inside a VM. ...
The authors of Lares [8] outline a formal model with potential attacks and security requirements for a hookbased monitoring system. ...
doi:10.1109/edcc.2015.9
dblp:conf/edcc/EstradaPDYKI15
fatcat:e6m7hwugm5ajvaf2oltjg5w3na
IoT Software Security Building Blocks
[chapter]
2019
Demystifying Internet of Things Security
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
KVM is a Red Hat hypervisor that runs as part of the Linux kernel; some regard it is Type 2 hypervisor since other things can run on the Linux OS, but Red Hat claims it is a Type 1 hypervisor since it ...
But, kVM uses all the hardware features of VMX, so it is as fast and secure as a type 1 hypervisor. kata Containers combines QeMu with kVM for further speed improvements. ...
doi:10.1007/978-1-4842-2896-8_4
fatcat:5ffon6fjtnh6rfkpnbtwoxk7ou
SMOC: A secure mobile cloud computing platform
2015
2015 IEEE Conference on Computer Communications (INFOCOM)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
We have implemented a prototype of our platform using off-the-shelf hardware, and performed an extensive evaluation of it. We show that our platform is efficient, practical, and secure. ...
In this paper, we propose a novel and practical mobile-cloud platform for smart mobile devices. ...
This project was supported in part by US National Science Foundation grants CNS-1320453 and CNS-1117412. ...
doi:10.1109/infocom.2015.7218658
dblp:conf/infocom/HaoTZNCL15
fatcat:aohr6v55pfb63d6cov66gf4oli
« Previous
Showing results 1 — 15 out of 297 results