Sciweavers

CCS
2011
ACM

Eliminating the hypervisor attack surface for a more secure cloud

Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs — a major concern for organizations wishing to move “to the cloud.” In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, an...
Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer R
Added 13 Dec 2011
Updated 13 Dec 2011
Type Journal
Year 2011
Where CCS
Authors Jakub Szefer, Eric Keller, Ruby B. Lee, Jennifer Rexford