TY - GEN
T1 - Dancing with wolves
T2 - 2017 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2017
AU - Deng, Liang
AU - Liu, Peng
AU - Xu, Jun
AU - Chen, Ping
AU - Zeng, Qingkai
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/4/8
Y1 - 2017/4/8
N2 - This paper presents a novel framework that enables practical event-driven monitoring for untrusted virtual machine monitors (VMMs) in cloud computing. Unlike previous approaches for VMM monitoring, our framework neither relies on a higher privilege level nor requires any special hardware support. Instead, we place the trusted monitor at the same privilege level and in the same address space with the untrusted VMM to achieve superior efficiency, while proposing a unique mutual-protection mechanism to ensure the integrity of the monitor. Our security analysis demonstrates that our framework can provide high-assurance for event-driven VMM monitoring, even if the highest-privilege VMM is fully compromised. The experimental results show that our framework only incurs trivial performance overhead for enforcing event-driven monitoring policies, exhibiting tremendous performance improvement on previous approaches.
UR - http://www.scopus.com/inward/record.url?scp=85018769480&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018769480&partnerID=8YFLogxK
U2 - 10.1145/3050748.3050750
DO - 10.1145/3050748.3050750
M3 - Conference contribution
AN - SCOPUS:85018769480
T3 - VEE 2017 - Proceedings of the 2017 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
SP - 83
EP - 96
BT - VEE 2017 - Proceedings of the 2017 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
PB - Association for Computing Machinery, Inc
Y2 - 8 April 2017 through 9 April 2017
ER -