73 Hits in 3.5 sec

TinyChecker: Transparent protection of VMs against hypervisor failures with nested virtualization

Cheng Tan, Yubin Xia, Haibo Chen, Binyu Zang
2012 IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012)  
This paper tries to mitigate this problem by proposing a technique called TinyChecker, which uses a tiny nested hypervisor to transparently protect guest VMs against failures in the hypervisor layer.  ...  TinyChecker is a very small software layer designated for transparent failure detection and recovery, whose reliability can be guaranteed by its small size and possible further formal verification.  ...  Acknowledgments We thank the anonymous reviewers for their insight-ful comments.  ... 
doi:10.1109/dsnw.2012.6264691 dblp:conf/dsn/TanXCZ12 fatcat:koo7ucmp65aobgvncep5lk3y3a

Increasing the trustworthiness of commodity hardware through software

Kevin Elphinstone, Yanyan Shen
2013 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
This paper discusses improving the trustworthiness of commodity hardware to enable a verified microkernel to be used in some situations previously needing separate computers.  ...  Advances in formal software verification has produced an operating system that is guaranteed mathematically to be correct and enforce access isolation.  ...  For MILS-style systems to succeed with a verified kernel, the assumptions made in establishing the above formal guarantees will need sufficient guarantees that fit the risk profile of the application domain  ... 
doi:10.1109/dsn.2013.6575328 dblp:conf/dsn/ElphinstoneS13 fatcat:2uvav7y6h5djbipmlmgy7ip6jy

Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework

A. Vasudevan, S. Chaki, Limin Jia, J. McCune, J. Newsome, A. Datta
2013 2013 IEEE Symposium on Security and Privacy  
We verify the memory integrity of the XMHF core -6018 lines of code -using a combination of automated and manual techniques.  ...  preserving the fundamental hypervisor security property of memory integrity (i.e., ensuring that the hypervisor's memory is not modified by software running at a lower privilege level).  ...  We thank our shepherd, William Enck, for his help with the final version of this paper, as well as the anonymous reviewers for their detailed comments.  ... 
doi:10.1109/sp.2013.36 dblp:conf/sp/VasudevanCJMND13 fatcat:dugdofrzlfeczkkp5bobzqj2ji

The role of virtualization in embedded systems

Gernot Heiser
2008 Proceedings of the 1st workshop on Isolation and integration in embedded systems - IIES '08  
We argue that high-performance microkernels, specifically L4, are a technology that provides a good match for the requirements of next-generation embedded systems.  ...  in the requirements for the technology.  ...  A scalable hypervisor could form the basis for deploying poorly-scaling legacy operating systems on a large number of cores, by partitioning the chip into several smaller multiprocessor domains.  ... 
doi:10.1145/1435458.1435461 fatcat:dnzk63vjtnfs7nmmephhs7usxq

On the Effectiveness of Virtualization Based Memory Isolation on Multicore Platforms

Siqi Zhao, Xuhua Ding
2017 2017 IEEE European Symposium on Security and Privacy (EuroS&P)  
Our study reveals that memory isolation by itself is inadequate for security.  ...  In our design, the hypervisor constructs a fully isolated micro computing environment (FIMCE) that exposes a minimal attack surface to an untrusted OS on a multicore platform.  ...  Acknowledgments We especially thank Virgil Gligor for his constructive insights into positioning our work. We also appreciate the anonymous reviewers for their helpful comments.  ... 
doi:10.1109/eurosp.2017.25 dblp:conf/eurosp/ZhaoD17 fatcat:4og7nnfmmfhn7m5r2sqmmqzmqe


Siqi Zhao, Xuhua Ding
2018 ACM Transactions on Privacy and Security  
impose a single-threaded execution model for the hypervisor.  ...  We have built a prototype of FIMCE with a bare-metal hypervisor.  ...  ACKNOWLEDGMENTS We are grateful to Virgil Gligor for his constructive suggestions.  ... 
doi:10.1145/3195181 fatcat:75dls56oxfarporefzodz6k2me

Aurora: Providing Trusted System Services for Enclaves On an Untrusted System [article]

Hongliang Liang, Mingyu Li, Qiong Zhang, Yue Yu, Lin Jiang, Yixiu Chen
2018 arXiv   pre-print
Intel SGX provisions shielded executions for security-sensitive computation, but lacks support for trusted system services (TSS), such as clock, network and filesystem.  ...  To mitigate this problem, we present Aurora, a novel architecture that provides TSSes via a secure channel between enclaves and devices on top of an untrusted system, and implement two types of TSSes,  ...  We are grateful to Kai Huang, Shweta Shinde for their feedback and help on Aurora.  ... 
arXiv:1802.03530v1 fatcat:nuuj74brjfchnd7xugubafgmo4


Andrew Herbert
2015 SOSP History Day 2015 on - SOSP '15  
Steiger, "A universal modular ACTOR formalism for artificial intelligence", Proc.  ...  By contrast the 1997 DISCO project revisited the use of a virtual machine monitor to run alternative operating systems side-by-side -"Disco: Running Commodity Operating Systems on Scalable Multiprocessors  ... 
doi:10.1145/2830903.2830909 dblp:conf/sosp/Herbert15 fatcat:mposov6rcjchvbagkz7476zppu

Position paper: the science of deep specification

Andrew W. Appel, Lennart Beringer, Adam Chlipala, Benjamin C. Pierce, Zhong Shao, Stephanie Weirich, Steve Zdancewic
2017 Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences  
(iv) The proof scripts yield formal proof objects in a variant of the calculus of inductive constructions (CiC) for which checking of proofs amounts to type checking and is fully automatic and independent  ...  One contribution of 8 to a discussion meeting issue 'Verified trustworthy software systems' . Modern hardware and software are monstrously complex.  ...  We thank the graduate students and post-doctoral researchers of our research groups for their contributions, and our external academic and industrial collaborators for their participation.  ... 
doi:10.1098/rsta.2016.0331 pmid:28871056 fatcat:ztgho4isajbchi4bghlegxns7m


Fengzhe Zhang, Jin Chen, Haibo Chen, Binyu Zang
2011 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles - SOSP '11  
A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs.  ...  In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total  ...  As the essential protection logic for VM resources is quite fixed, CloudVisor can be small enough to verify its security properties (e.g., using formal verification methods [34] ).  ... 
doi:10.1145/2043556.2043576 dblp:conf/sosp/ZhangCCZ11 fatcat:4z3ywg42enga5bhnqlev3mwbyq

Confidentiality Issues on a GPU in a Virtualized Environment [chapter]

Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
2014 Lecture Notes in Computer Science  
In those configurations, it happens as a side effect of Error Correction Codes (ECC) and not for security reasons.  ...  We finally discuss possible countermeasures for current GPU clouds users and providers.  ...  Acknowledgments We wish to thank NVIDIA for the donation of a Tesla K20 card.  ... 
doi:10.1007/978-3-662-45472-5_9 fatcat:3ig742grabg7lm2oyoy7ircgra


Glenn Ammons, Robert W. Wisniewski, Jonathan Appavoo, Maria Butrico, Dilma Da Silva, David Grove, Kiyokuni Kawachiya, Orran Krieger, Bryan Rosenburg, Eric Van Hensbergen
2007 Proceedings of the 3rd international conference on Virtual execution environments - VEE '07  
For example, Java virtual machines (JVMs) provide their own threading model and memory protection, so general-purpose operating system implementations of these abstractions are redundant.  ...  Instead, Libra and J9 form a single statically-linked image that runs in a hypervisor partition.  ...  Acknowledgments We thank David Bacon, Muli Ben-Yehuda, Mark Mergen, Michal Ostrowski, Volkmar Uhlig, Amos Waterland, and Jimi Xenidis for their valuable insights.  ... 
doi:10.1145/1254810.1254817 dblp:conf/vee/AmmonsABSGKKRHW07 fatcat:25ttuqge2faxrdibzmwi5xuhme

XTRec: Secure Real-Time Execution Trace Recording on Commodity Platforms

A Vasudevan, Ning Qu, A Perrig
2011 2011 44th Hawaii International Conference on System Sciences  
We propose XTRec, a primitive that can record the instruction-level execution trace of a commodity computing system.  ...  Our experimental results show that the imposed overhead is 2x-4x for real-world applications.  ...  Our primitive employs a tiny hypervisor and uses commodity hardware features to provide robustness against subversion thereby guaranteeing the integrity of the recorded execution trace.  ... 
doi:10.1109/hicss.2011.500 dblp:conf/hicss/VasudevanQP11 fatcat:l3h3lrgh5jennp44l3qq66rjcm

SoK: Hardware Security Support for Trustworthy Execution [article]

Lianying Zhao, He Shuang, Shengjie Xu, Wei Huang, Rongzhen Cui, Pushkar Bettadpur, David Lie
2019 arXiv   pre-print
This has given birth to a plethora of hardware mechanisms providing trusted execution environments (TEEs), support for integrity checking and memory safety and widespread uses of hardware roots of trust  ...  In recent years, there have emerged many new hardware mechanisms for improving the security of our computer systems.  ...  Hypervisor integrity: HyperSafe [120] makes use of tboot (which is actually based on Intel TXT) to bootstrap a solution for hypervisor integrity protection.  ... 
arXiv:1910.04957v1 fatcat:5luczjg34ve67nm73xso5xhzx4

How low can you go?

Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, Arvind Seshadri
2008 Proceedings of the 13th international conference on Architectural support for programming languages and operating systems - ASPLOS XIII  
We find that although this new technology represents a step in the right direction, significant performance issues remain.  ...  We explore the extent to which newly available CPU-based security technology can reduce the Trusted Computing Base (TCB) for security-sensitive applications.  ...  Other multiprocessor designs use a similar partitioning system to protect memory from other processors [13] .  ... 
doi:10.1145/1346281.1346285 dblp:conf/asplos/McCunePPRS08 fatcat:rsqdgtgwzfhzjnlxjc6ibw4r44
« Previous Showing results 1 — 15 out of 73 results