A Two-Step Execution Mechanism for Thin Secure Hypervisors
Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execut...
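Main authors: | Hirano, M.; Shinagawa, T.; Eiraku, H.; Hasegawa, S.; Omote, K.; Tanimoto, K.; Horie, T.; Mune, S.; Kato, K.; Okuda, T.; Kawai, E.; Yamaguchi, S. |
---|---|
Format: | Conference proceeding |
Language: | eng |
Subjects: | |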
container_end_page | 135 |
---|---|
container_issue | |
container_start_page | 129 |
container_title | |
container_volume | |
creator | Hirano, M.; Shinagawa, T.; Eiraku, H.; Hasegawa, S.; Omote, K.; Tanimoto, K.; Horie, T.; Mune, S.; Kato, K.; Okuda, T.; Kawai, E.; Yamaguchi, S. |
description | Virtual machine monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed. |
doi_str_mv | 10.1109/SECURWARE.2009.27 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 2162-2108 |
ispartof | 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009, p.129-135 |
issn | 2162-2108 |
language | eng |
recordid | cdi_ieee_primary_5211032 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Communication system security; Computer security; Cryptography; Data security; Hypervisor; ID management; Information security; Isolation technology; Operating systems; Runtime; Secure storage; Security; TCB; Trusted Computing Base; Virtual machine monitor; Virtual machine monitors; VMM |
title | A Two-Step Execution Mechanism for Thin Secure Hypervisors |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-02T19%3A35%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20Two-Step%20Execution%20Mechanism%20for%20Thin%20Secure%20Hypervisors&rft.btitle=2009%20Third%20International%20Conference%20on%20Emerging%20Security%20Information,%20Systems%20and%20Technologies&rft.au=Hirano,%20M.&rft.date=2009-06&rft.spage=129&rft.epage=135&rft.pages=129-135&rft.issn=2162-2108&rft.isbn=0769536689&rft.isbn_list=9780769536682&rft_id=info:doi/10.1109/SECURWARE.2009.27&rft_dat=%3Cieee_6IE%3E5211032%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5211032&rfr_iscdi=true |