A case for hardware protection of guest VMs from compromised hypervisors in cloud computing

Jakub Szefer, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Scopus citations

Abstract

Cloud computing, enabled by virtualization technologies, is becoming a mainstream computing model. Many companies are starting to utilize the infrastructure-as-a-service (IaaS) cloud computing model, leasing guest virtual machines (VMs) from the infrastructure providers for economic reasons: to reduce their operating costs and to increase the flexibility of their own infrastructures. Yet, many companies may be hesitant to move to cloud computing due to security concerns. An integral part of any virtualization technology is the all-powerful hyper visor. A hyper visor is a system management software layer which can access all resources of the platform. Much research has been done on using hyper visors to monitor guest VMs for malicious code and on hardening hyper visors to make them more secure. There is, however, another threat which has not been addressed by researchers - that of compromised or malicious hyper visors that can extract sensitive or confidential data from guest VMs. Consequently, we propose that a new research direction needs to be undertaken to tackle this threat. We further propose that new hardware mechanisms in the multi core microprocessors are a viable way of providing protections for the guest VMs from the hyper visor, while still allowing the hyper visor to flexibly manage the resources of the physical platform.

Original languageEnglish (US)
Title of host publicationProceedings - 31st International Conference on Distributed Computing Systems Workshops, ICDCSW 2011
Pages248-252
Number of pages5
DOIs
StatePublished - 2011
Event31st International Conference on Distributed Computing Systems Workshops, ICDCSW 2011 - Minneapolis, MN, United States
Duration: Jun 20 2011Jun 24 2011

Publication series

NameProceedings - International Conference on Distributed Computing Systems

Other

Other31st International Conference on Distributed Computing Systems Workshops, ICDCSW 2011
Country/TerritoryUnited States
CityMinneapolis, MN
Period6/20/116/24/11

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • Hardware security
  • Hypervisors
  • Security architectures
  • virtual machines

Fingerprint

Dive into the research topics of 'A case for hardware protection of guest VMs from compromised hypervisors in cloud computing'. Together they form a unique fingerprint.

Cite this