297 Hits in 3.5 sec

TrustOSV: Building Trustworthy Executing Environment with Commodity Hardware for a Safe Cloud

Xiaoguang Wang, Yong Qi, Yuehua Dai, Yi Shi, Jianbao Ren, Yu Xuan
2014 Journal of Computers  
In this paper, we first make an analysis of the potential threats to a commodity hypervisor, and then propose architecture to build a more trustworthy executing environment for IaaS cloud.  ...  The main ideas of our architecture are: removing interaction between hypervisor and the exposed executing environment, enhancing platform data secrecy as well as providing feature rich environment attestation  ...  ACKNOWLEDGMENT We would like to thank Pilar Howard, Cancan Wang and all other anonymous reviewers for their comments and suggestions.  ... 
doi:10.4304/jcp.9.10.2303-2314 fatcat:vtvemobhqfc5rofsylxpvnizem

Experience Report: An Analysis of Hypercall Handler Vulnerabilities

Aleksandar Milenkoski, Bryan D. Payne, Nuno Antunes, Marco Vieira, Samuel Kounev
2014 2014 IEEE 25th International Symposium on Software Reliability Engineering  
and securing these interfaces.  ...  As a result, attackers are exploring vectors to attack hypervisors, against which an attack may be executed via several attack vectors such as device drivers, virtual machine exit events, or hypercalls  ...  ACKNOWLEDGMENT This work is a part of the RELATE project, which is supported by the European Commission under the Seventh Framework Programme FP7 with Grant Agreement No. 264840ITN.  ... 
doi:10.1109/issre.2014.24 dblp:conf/issre/MilenkoskiPAVK14 fatcat:imlr2a6iindplafabdvpprj66e

Virtualizing mixed-criticality systems: A survey on industrial trends and issues

Marcello Cinque, Domenico Cotroneo, Luigi De Simone, Stefano Rosiello
2021 Future generations computer systems  
Virtualization is gaining attraction in the industry as it promises a flexible way to integrate, manage, and re-use heterogeneous software components with mixed-criticality levels, on a shared hardware  ...  In particular, we analyze how different virtualization approaches and solutions can impact isolation guarantees and testing/certification activities, and how they deal with dependability challenges.  ...  The seL4 [70, 71] is a formal-verified microkernel designed to be used in security-and safety-critical systems.  ... 
doi:10.1016/j.future.2021.12.002 fatcat:4q277etxfjewlpmkjcn7by42pm

Isolating commodity hosted hypervisors with HyperLock

Zhi Wang, Chiachih Wu, Michael Grace, Xuxian Jiang
2012 Proceedings of the 7th ACM european conference on Computer Systems - EuroSys '12  
We have built a proof-ofconcept HyperLock prototype to confine the popular KVM hypervisor on Linux.  ...  Specifically, we provide a secure hypervisor isolation runtime with its own separated address space and a restricted instruction set for safe execution.  ...  This work was supported in part by the US Army Research Office (ARO) under grant W911NF-08-1-0105 managed by NCSU Secure Open Systems Initiative (SOSI) and the US National Science Foundation (NSF) under  ... 
doi:10.1145/2168836.2168850 dblp:conf/eurosys/WangWGJ12 fatcat:3u4aiaef3fhzhg5pasjsfg6s2i

T-Visor: A Hypervisor for Mixed Criticality Embedded Real-time System with Hardware Virtualization Support [article]

Takumi Shimada, Takeshi Yashiro, Ken Sakamura
2018 arXiv   pre-print
We present the design and implementation of T-Visor, a hypervisor specialized for mixed criticality embedded real-time systems.  ...  From these results, we conclude that our design and implementation are more suitable for embedded real-time systems than the existing hypervisors.  ...  KVM is a Type-2 hypervisor. KVM is available on ARM architecture with Virtualization Extensions [6] .  ... 
arXiv:1810.05068v1 fatcat:gx3ftsrmavefflzqtcajq3ry7e

Virtual CPU validation

Nadav Amit, Dan Tsafrir, Assaf Schuster, Ahmad Ayoub, Eran Shlomo
2015 Proceedings of the 25th Symposium on Operating Systems Principles - SOSP '15  
Testing the hypervisor is important for ensuring the correct operation and security of systems, but it is a hard and challenging task.  ...  We thus propose to apply the testing environment of CPU vendors to hypervisors. We demonstrate the advantages of our proposal by adapting Intel's testing facility to the Linux KVM hypervisor.  ...  Acknowledgments We thank Paolo Bonzini from Redhat and our shepherd Andrew Baumann. The research leading to the results presented in this paper was partially supported by: the Israel Science  ... 
doi:10.1145/2815400.2815420 dblp:conf/sosp/AmitTSAS15 fatcat:edvb3verxreihawmtqj6sl55qm

Mitigating vulnerability windows with hypervisor transplant

Tu Dinh Ngoc, Boris Teabe, Alain Tchana, Gilles Muller, Daniel Hagimont
2021 Proceedings of the Sixteenth European Conference on Computer Systems  
It involves temporarily replacing the current datacenter hypervisor (e.g., Xen) which is subject to a critical security flaw, by a different hypervisor (e.g., KVM) which is not subject to the same vulnerability  ...  ABSTRACT The vulnerability window of a hypervisor regarding a given security flaw is the time between the identification of the flaw and the integration of a correction/patch in the running hypervisor.  ...  Thanks to Mar Callau-Zori and Christophe Hubert from 3DS Outscale, Cody Hammock from Chameleon Cloud, Simon Delamare from Grid'5000 and the Xen security team for your insights.  ... 
doi:10.1145/3447786.3456235 fatcat:w7qmcg6ftraldjvr5bnse2rmhu

A Survey of Mobile Device Virtualization

Junaid Shuja, Abdullah Gani, Kashif Bilal, Atta Ur Rehman Khan, Sajjad A. Madani, Samee U. Khan, Albert Y. Zomaya
2016 ACM Computing Surveys  
Moreover, various performance parameters are presented in a detailed comparative analysis to quantify the efficiency of mobile virtualization techniques and solutions.  ...  Mobile virtualization enables multiple persona on a single mobile device by hosting heterogeneous operating systems concurrently.  ...  Microkernel based paravirtualization techniques focus on small kernel size so that the mobile hypervisor has a smaller memory footprint and can be formally verified for security.  ... 
doi:10.1145/2897164 fatcat:htenyu2vlzfg3dv2czs2mdvi7q

The Dual-Execution-Environment Approach: Analysis and Comparative Evaluation [chapter]

Mohamed Sabt, Mohammed Achemlal, Abdelmadjid Bouabdallah
2015 IFIP Advances in Information and Communication Technology  
For instance, we find that bare-metal hypervisors are ill-adapted to provide high assurance security even though they might improve the overall security level of the system.  ...  Results are consistent and explain some hidden and unexpected properties of each technology.  ...  It builds on KVM and leverages existing infrastructure in the Linux kernel. KVM/ARM is a hosted bare-metal hypervisor, where the hypervisor is integrated with a host kernel.  ... 
doi:10.1007/978-3-319-18467-8_37 fatcat:ptha3ok5ovhrffoec4ghhrrs54

WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines [article]

Wojciech Ozga and Do Le Quoc and Christof Fetzer
2021 arXiv   pre-print
It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection.  ...  We propose WELES, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. WELES is transparent to the VM configuration and setup.  ...  For the Linux kernel and QEMU, we calculated code that is compiled with our custom configuration, i.e., Linux kernel with support for IMA and KVM, and QEMU with support for gnutls, TPM and KVM.  ... 
arXiv:2104.14862v1 fatcat:df5i2n4x25fu7oqvoxdm5ei3ae

Embedded Systems Development Tools: A MODUS-oriented Market Overview

Michalis Loupis
2014 Business Systems Research  
Results: This paper presents a MODUS-oriented market analysis in the domains of Formal Verification tools, HW/SW co-simulation tools, Software Performance Optimization tools and Code Generation tools.  ...  Methods/Approach: Embedded applications normally demand high resilience and quality, as well as conformity to quality standards and rigid performance.  ...  In fact, several embedded hypervisor vendors offer a formally verified hypervisor and guarantee their bug-free operation.  ... 
doi:10.2478/bsrj-2014-0001 fatcat:x2yblzjbrrf2rh5bg3j76injuu

Nanovised Control Flow Attestation

Raz Ben Yehuda, Michael Kiperberg, Nezer Jacob Zaidenberg
2022 Applied Sciences  
We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system "C-FLAT Linux".  ...  We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios.  ...  The hypervisor can maintain a key to verify the signature and ensure that the lower privilege level code cannot access the key.  ... 
doi:10.3390/app12052669 fatcat:olkezgx25jbpdajaukmtvx2ho4

Dynamic VM Dependability Monitoring Using Hypervisor Probes

Zachary J. Estrada, Cuong Pham, Fei Deng, Lok Yan, Zbigniew Kalbarczyk, Ravishankar K. Iyer
2015 2015 11th European Dependable Computing Conference (EDCC)  
To demonstrate the usefulness of this framework, we present three sample detectors: an emergency detector for a security vulnerability, an application watchdog, and an infinite-loop detector.  ...  This paper introduces hprobes, a framework that allows one to dynamically monitor applications and operating systems inside a VM.  ...  The authors of Lares [8] outline a formal model with potential attacks and security requirements for a hookbased monitoring system.  ... 
doi:10.1109/edcc.2015.9 dblp:conf/edcc/EstradaPDYKI15 fatcat:e6m7hwugm5ajvaf2oltjg5w3na

IoT Software Security Building Blocks [chapter]

Sunil Cheruvu, Anil Kumar, Ned Smith, David M. Wheeler
2019 Demystifying Internet of Things Security  
KVM is a Red Hat hypervisor that runs as part of the Linux kernel; some regard it is Type 2 hypervisor since other things can run on the Linux OS, but Red Hat claims it is a Type 1 hypervisor since it  ...  But, kVM uses all the hardware features of VMX, so it is as fast and secure as a type 1 hypervisor. kata Containers combines QeMu with kVM for further speed improvements.  ... 
doi:10.1007/978-1-4842-2896-8_4 fatcat:5ffon6fjtnh6rfkpnbtwoxk7ou

SMOC: A secure mobile cloud computing platform

Zijiang Hao, Yutao Tang, Yifan Zhang, Ed Novak, Nancy Carter, Qun Li
2015 2015 IEEE Conference on Computer Communications (INFOCOM)  
We have implemented a prototype of our platform using off-the-shelf hardware, and performed an extensive evaluation of it. We show that our platform is efficient, practical, and secure.  ...  In this paper, we propose a novel and practical mobile-cloud platform for smart mobile devices.  ...  This project was supported in part by US National Science Foundation grants CNS-1320453 and CNS-1117412.  ... 
doi:10.1109/infocom.2015.7218658 dblp:conf/infocom/HaoTZNCL15 fatcat:aohr6v55pfb63d6cov66gf4oli
« Previous Showing results 1 — 15 out of 297 results