Improving Virtualization Security by Splitting Hypervisor into Smaller Components - Data and Applications Security and Privacy XXVI
Conference Papers Year : 2012

Improving Virtualization Security by Splitting Hypervisor into Smaller Components

Abstract

In cloud computing, the security of infrastructure is determined by hypervisor (or Virtual Machine Monitor, VMM) designs. Unfortunately, in recent years, many attacks have been developed to compromise the hypervisor, taking over all virtual machines running above the hypervisor. Due to the functions a hypervisor provides, it is very hard to reduce its size. Including a big hypervisor in the Trusted Computing Base (TCB) is not acceptable for a secure system design. Several secure, small, and innovative hypervisor designs, e.g., TrustVisor, CloudVisor, etc., have been proposed to solve the problem. However, these designs either have reduced functionalities or pose strong restrictions to the virtual machines. In this paper, we propose an innovative hypervisor design that splits hypervisor’s functions into a small enough component in the TCB, and other components to provide full functionalities. Our design can significantly reduce the TCB size without sacrificing functionalities. Our experiments also show acceptable costs of our design.
Fichier principal
Vignette du fichier
978-3-642-31540-4_23_Chapter.pdf (316.19 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-01534758 , version 1 (08-06-2017)

Licence

Identifiers

Cite

Wuqiong Pan, Yulong Zhang, Meng Yu, Jiwu Jing. Improving Virtualization Security by Splitting Hypervisor into Smaller Components. 26th Conference on Data and Applications Security and Privacy (DBSec), Jul 2012, Paris, France. pp.298-313, ⟨10.1007/978-3-642-31540-4_23⟩. ⟨hal-01534758⟩
145 View
283 Download

Altmetric

Share

More