TY - GEN
T1 - Secure virtual machine execution under an untrusted management OS
AU - Li, Chunxiao
AU - Raghunathan, Anand
AU - Jha, Niraj K.
PY - 2010
Y1 - 2010
N2 - Virtualization is a rapidly evolving technology that can be used to provide a range of benefits to computing systems, including improved resource utilization, software portability, and reliability. For security-critical applications, it is highly desirable to have a small trusted computing base (TCB), since it minimizes the surface of attacks that could jeopardize the security of the entire system. In traditional virtualization architectures, the TCB for an application includes not only the hardware and the virtual machine monitor (VMM), but also the whole management operating system (OS) that contains the device drivers and virtual machine (VM) management functionality. For many applications, it is not acceptable to trust this management OS, due to its large code base and abundance of vulnerabilities. In this paper, we address the problem of providing a secure execution environment on a virtualized computing platform under the assumption of an untrusted management OS. We propose a secure virtualization architecture that provides a secure run-time environment, network interface, and secondary storage for a guest VM. The proposed architecture significantly reduces the TCB of security-critical guest VMs, leading to improved security in an untrusted management environment. We have implemented a prototype of the proposed approach using the Xen virtualization system, and demonstrated how it can be used to facilitate secure remote computing services. We evaluate the performance penalties incurred by the proposed architecture, and demonstrate that the penalties are minimal.
AB - Virtualization is a rapidly evolving technology that can be used to provide a range of benefits to computing systems, including improved resource utilization, software portability, and reliability. For security-critical applications, it is highly desirable to have a small trusted computing base (TCB), since it minimizes the surface of attacks that could jeopardize the security of the entire system. In traditional virtualization architectures, the TCB for an application includes not only the hardware and the virtual machine monitor (VMM), but also the whole management operating system (OS) that contains the device drivers and virtual machine (VM) management functionality. For many applications, it is not acceptable to trust this management OS, due to its large code base and abundance of vulnerabilities. In this paper, we address the problem of providing a secure execution environment on a virtualized computing platform under the assumption of an untrusted management OS. We propose a secure virtualization architecture that provides a secure run-time environment, network interface, and secondary storage for a guest VM. The proposed architecture significantly reduces the TCB of security-critical guest VMs, leading to improved security in an untrusted management environment. We have implemented a prototype of the proposed approach using the Xen virtualization system, and demonstrated how it can be used to facilitate secure remote computing services. We evaluate the performance penalties incurred by the proposed architecture, and demonstrate that the penalties are minimal.
KW - Cloud computing
KW - Computing as a service
KW - Memory protection
KW - Trusted computing base
KW - Virtual machine
UR - http://www.scopus.com/inward/record.url?scp=77957959132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77957959132&partnerID=8YFLogxK
U2 - 10.1109/CLOUD.2010.29
DO - 10.1109/CLOUD.2010.29
M3 - Conference contribution
AN - SCOPUS:77957959132
SN - 9780769541303
T3 - Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010
SP - 172
EP - 179
BT - Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010
T2 - 3rd IEEE International Conference on Cloud Computing, CLOUD 2010
Y2 - 5 July 2010 through 10 July 2010
ER -