Improving Virtualization Security by Splitting Hypervisor into Smaller Components

Abstract: In cloud computing, the security of the infrastructure is determined by hypervisor (or Virtual Machine Monitor, VMM) designs. Unfortunately, in recent years, many attacks have been developed to compromise the hypervisor, taking over all virtual machines running above the hypervisor. Due to the functions a hypervisor provides, it is very hard to reduce its size. Including a big hypervisor in the Trusted Computing Base (TCB) is not acceptable for a secure system design. Several secure, small, and innovative hypervisor designs, e.g., TrustVisor and CloudVisor, have been proposed to solve the problem. However, these designs either have reduced functionality or impose strong restrictions on the virtual machines. In this paper, we propose an innovative hypervisor design that splits the hypervisor's functions into a small enough component in the TCB and other components that provide full functionality. Our design can significantly reduce the TCB size without sacrificing functionality. Our experiments also show acceptable costs of our design.
Document type: Conference papers
Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.298-313, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_23〉
Complete list of metadata

https://hal.inria.fr/hal-01534758
Contributor: Hal Ifip
Submitted on: Thursday, June 8, 2017 - 11:06:22 AM
Last modification on: Friday, November 3, 2017 - 10:24:07 PM
Document(s) archived on: Saturday, September 9, 2017 - 12:32:13 PM

File

978-3-642-31540-4_23_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing. Improving Virtualization Security by Splitting Hypervisor into Smaller Components. Nora Cuppens-Boulahia; Frédéric Cuppens; Joaquin Garcia-Alfaro. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. Springer, Lecture Notes in Computer Science, LNCS-7371, pp.298-313, 2012, Data and Applications Security and Privacy XXVI. 〈10.1007/978-3-642-31540-4_23〉. 〈hal-01534758〉
