Abstract
Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted Computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.
Chapter PDF
Similar content being viewed by others
References
Forbes: PRISM Projected To Cost U.S. Cloud Market $35B, http://www.forbes.com/sites/louiscolumbus/2013/08/08/prism-projected-to-cost-u-s-cloud-computing-industry-35b
Xen: http://www.xen.org/
Amazon Inc.: Amazon EC2, http://aws.amazon.com/ec2/
Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy, V.: Self-service cloud computing. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 253–264. ACM, New York (2012)
Li, M., Zang, W., Bai, K., Yu, M., Liu, P.: Mycloud: Supporting user-configured privacy protection in cloud computing. In: Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC 2013, pp. 59–68. ACM, New York (2013)
Murray, D., Milos, G., Hand, S.: Improving xen security through disaggregation. In: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 151–160. ACM (2008)
Pan, W., Zhang, Y., Yu, M., Jing, J.: Improving virtualization security by splitting hypervisor into smaller components. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 298–313. Springer, Heidelberg (2012)
Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 203–216. ACM (2011)
Williams, D., Jamjoom, H., Weatherspoon, H.: The xen-blanket: virtualize once, run everywhere. In: ACM EuroSys (2012)
Ben-Yehuda, M., Day, M., Dubitzky, Z., Factor, M., Har’El, N., Gordon, A., Liguori, A., Wasserman, O., Yassour, B.: The turtles project: Design and implementation of nested virtualization. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, pp. 1–6. USENIX Association (2010)
Kauer, B., Verissimo, P., Bessani, A.: Recursive virtual machines for advanced security mechanisms. In: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 117–122. IEEE (2011)
Steinberg, U., Kauer, B.: Nova: a microhypervisor-based secure virtualization architecture. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 209–222. ACM, New York (2010)
Heiser, G., Uhlig, V., LeVasseur, J.: Are virtual-machine monitors microkernels done right? SIGOPS Oper. Syst. Rev. 40(1), 95–99 (2006)
Keller, E., Szefer, J., Rexford, J., Lee, R.: Nohype: virtualized cloud infrastructure without the virtualization. ACM SIGARCH Computer Architecture News 38, 350–361 (2010)
Szefer, J., Keller, E., Lee, R., Rexford, J.: Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 401–412. ACM (2011)
McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. SIGOPS Oper. Syst. Rev. 42(4), 315–328 (2008)
Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In. In: ASPLOS (May 2008)
Yang, J., Shin, K.G.: Using hypervisor to provide data secrecy for user applications on a per-page basis. In: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2008, pp. 71–80. ACM, New York (2008)
Hofmann, O.S., Kim, S., Dunn, A.M., Lee, M.Z., Witchel, E.: Inktag: secure applications on an untrusted operating system. In: Proceedings of the Eighteenth International Conference on Architectural Support for Programming Languages and Operating System, ASPLOS 2013, pp. 265–278. ACM, New York (2013)
Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: making trust between applications and operating system configurable. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006, pp. 279–292. USENIX Association, Berkeley (2006)
Cheng, Y., Ding, X., Deng, R.H.: Appshield: Protecting applications against untrusted operating system. In: Singaport Management University Technical Report. smu-sis-13-101 (2013)
Cloud, M., http://www.microsoft.com/enterprise/microsoftcloud/
Cloud, H.P., http://www.hpcloud.com/
CVE-2007-4993: Xen guest root escape to dom0 via pygrub
CVE-2010-0431: Qemu-kvm in redhat enterprise virtualization (rhev) 2.2 and kvm 83, does not properly validate guest qxl driver pointers, which allows guest os users to gain privileges via unspecified vectors
CVE-2009-1758: The hypervisor callback function in xen, as applied to the linux kernel 2.6.30-rc4 allows guest user applications to cause a denial of service of the guest os by triggering a segmentation fault in certain address ranges
Elhage, N.: Virtunoid: Breaking out of kvm (2011)
Kortchinsky, K.: Cloudburst: Hacking 3d (and breaking out of vmware). In: Black Hat Conference (2009)
Wojtczuk, R., Rutkowska, J.: Xen 0wning trilogy. In: Black Hat Conference (2008)
Secunia: Vulnerability report: Vmware esx server 3.x, http://secunia.com/advisories/product/10757/ .
Secunia: Xen multiple vulnerability report, http://secunia.com/advisories/44502/
CVE-2009-2277: Cross-site scripting (xss) vulnerability in webaccess in vmware allows attackers to inject arbitrary web script via vectors related to context data
CVE-2009-1244: Vulnerability in the virtual machine display function in vmware workstation allows guest os users to execute arbitrary code on host os
Anderson, R., Kuhn, M.: Tamper resistance-a cautionary note. In: Proceedings of the Second Usenix Workshop on Electronic Commerce, vol. 2, pp. 1–11 (1996)
Intel Coperation: Intel trusted execution technology (2011)
Intel Coperation: Intel trusted platform module (2003)
Wojtczuk, R., Rutkowska, J.: Attacking smm memory via intel cpu cache poisoning. Invisible Things Lab (2009)
Intel Corporation: Intel vprof technology, http://www.intel.com/content/www/us/en/architecture-and-technology/vpro/vpro-technology-general.html
Intel Coperation: Serial ATA Advanced Host Controller Interface (2012)
Intel Corporation: Intel® Virtualization Technology Specification for Directed I/O Specification, www.intel.com/technology/vt/ .
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Li, M., Zha, Z., Zang, W., Yu, M., Liu, P., Bai, K. (2014). Detangling Resource Management Functions from the TCB in Privacy-Preserving Virtualization. In: Kutyłowski, M., Vaidya, J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8712. Springer, Cham. https://doi.org/10.1007/978-3-319-11203-9_18
Download citation
DOI: https://doi.org/10.1007/978-3-319-11203-9_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11202-2
Online ISBN: 978-3-319-11203-9
eBook Packages: Computer ScienceComputer Science (R0)