Title
SecFortress: Securing Hypervisor using Cross-layer Isolation
Abstract
Virtualization is the cornerstone of cloud computing, but the hypervisor, the crucial software component that enables virtualization, is known to suffer from various attacks. Securing the hypervisor is challenging for at least two reasons. On one hand, commercial hypervisors are usually integrated into a privileged Operating System (OS), which brings in a larger attack surface. On the other hand, multiple Virtual Machines (VMs) share a single hypervisor, so a malicious VM could leverage the hypervisor as a bridge to launch "cross-VM" attacks. In this work, we propose SecFortress, a dependable hypervisor design that decouples the virtualization layer into a mediator, an outerOS, and multiple HypBoxes through a cross-layer isolation approach. SecFortress extends the nested kernel approach to de-privilege the outerOS so that it cannot access the mediator's memory, and creates an isolated hypervisor instance, the HypBox, to confine the impact of untrusted VMs. We implemented SecFortress on top of KVM and evaluated its effectiveness and efficiency through case studies and performance evaluation. Experimental results show that SecFortress can significantly improve the security of the hypervisor with negligible runtime overhead.
Year: 2022
DOI: 10.1109/IPDPS53621.2022.00029
Venue: 2022 IEEE International Parallel and Distributed Processing Symposium (IPDPS)
Keywords: SecFortress, virtual machines, hypervisor design, virtualization layer, cross-layer isolation approach, HypBox, operating system, mediator, outerOS
DocType: Conference
ISSN: 1530-2075
ISBN: 978-1-6654-8107-6
Citations: 0
PageRank: 0.34
References: 9
Authors: 6
Name            Order  Citations  PageRank
Qihang Zhou     1      0          0.68
Xiaoqi Jia      2      0          0.68
Shengzhi Zhang  3      60         12.41
Nan Jiang       4      0          0.68
Jiayun Chen     5      0          0.34
Weijuan Zhang   6      0          0.34