Secure virtual machine execution under an untrusted management OS

Chunxiao Li, Anand Raghunathan, Niraj K. Jha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

72 Scopus citations

Abstract

Virtualization is a rapidly evolving technology that can be used to provide a range of benefits to computing systems, including improved resource utilization, software portability, and reliability. For security-critical applications, it is highly desirable to have a small trusted computing base (TCB), since it minimizes the surface of attacks that could jeopardize the security of the entire system. In traditional virtualization architectures, the TCB for an application includes not only the hardware and the virtual machine monitor (VMM), but also the whole management operating system (OS) that contains the device drivers and virtual machine (VM) management functionality. For many applications, it is not acceptable to trust this management OS, due to its large code base and abundance of vulnerabilities. In this paper, we address the problem of providing a secure execution environment on a virtualized computing platform under the assumption of an untrusted management OS. We propose a secure virtualization architecture that provides a secure run-time environment, network interface, and secondary storage for a guest VM. The proposed architecture significantly reduces the TCB of security-critical guest VMs, leading to improved security in an untrusted management environment. We have implemented a prototype of the proposed approach using the Xen virtualization system, and demonstrated how it can be used to facilitate secure remote computing services. We evaluate the performance penalties incurred by the proposed architecture, and demonstrate that the penalties are minimal.

Original language: English (US)
Title of host publication: Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010
Pages: 172-179
Number of pages: 8
State: Published - 2010
Event: 3rd IEEE International Conference on Cloud Computing, CLOUD 2010 - Miami, FL, United States
Duration: Jul 5 2010 to Jul 10 2010

Publication series

Name: Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010

Other

Other: 3rd IEEE International Conference on Cloud Computing, CLOUD 2010
Country/Territory: United States
City: Miami, FL
Period: 7/5/10 to 7/10/10

All Science Journal Classification (ASJC) codes

  • Computational Theory and Mathematics
  • Theoretical Computer Science

Keywords

  • Cloud computing
  • Computing as a service
  • Memory protection
  • Trusted computing base
  • Virtual machine
