A Two-Step Execution Mechanism for Thin Secure Hypervisors

Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execut...

Bibliographic details
Main authors: Hirano, M., Shinagawa, T., Eiraku, H., Hasegawa, S., Omote, K., Tanimoto, K., Horie, T., Mune, S., Kato, K., Okuda, T., Kawai, E., Yamaguchi, S.
Format: Conference Proceeding
Language: eng
container_end_page 135
container_issue
container_start_page 129
container_title
container_volume
creator Hirano, M.
Shinagawa, T.
Eiraku, H.
Hasegawa, S.
Omote, K.
Tanimoto, K.
Horie, T.
Mune, S.
Kato, K.
Okuda, T.
Kawai, E.
Yamaguchi, S.
description Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.
doi_str_mv 10.1109/SECURWARE.2009.27
format Conference Proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 2162-2108
ispartof 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009, p.129-135
issn 2162-2108
language eng
recordid cdi_ieee_primary_5211032
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Communication system security
Computer security
Cryptography
Data security
Hypervisor
ID management
Information security
Isolation technology
Operating systems
Runtime
Secure storage
Security
TCB
Trusted Computing Base
Virtual machine monitor
Virtual machine monitors
VMM
title A Two-Step Execution Mechanism for Thin Secure Hypervisors
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-02T19%3A35%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20Two-Step%20Execution%20Mechanism%20for%20Thin%20Secure%20Hypervisors&rft.btitle=2009%20Third%20International%20Conference%20on%20Emerging%20Security%20Information,%20Systems%20and%20Technologies&rft.au=Hirano,%20M.&rft.date=2009-06&rft.spage=129&rft.epage=135&rft.pages=129-135&rft.issn=2162-2108&rft.isbn=0769536689&rft.isbn_list=9780769536682&rft_id=info:doi/10.1109/SECURWARE.2009.27&rft_dat=%3Cieee_6IE%3E5211032%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5211032&rfr_iscdi=true