A Two-Step Execution Mechanism for Thin Secure Hypervisors

A Two-Step Execution Mechanism for Thin Secure Hypervisors

Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execut...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hirano, M., Shinagawa, T., Eiraku, H., Hasegawa, S., Omote, K., Tanimoto, K., Horie, T., Mune, S., Kato, K., Okuda, T., Kawai, E., Yamaguchi, S.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Communication system security
Computer security
Cryptography
Data security
Hypervisor
ID management
Information security
Isolation technology
Operating systems
Runtime
Secure storage
Security
TCB
Trusted Computing Base
Virtual machine monitor
Virtual machine monitors
VMM
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.
ISSN:2162-2108
DOI:10.1109/SECURWARE.2009.27