Architectural support for hypervisor-secure virtualization

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization – a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on ...
Jakub Szefer, Ruby B. Lee
Added 20 Apr 2012
Updated 20 Apr 2012
Type Journal
Year 2012