TY - GEN
T1 - Detangling resource management functions from the TCB in privacy-preserving virtualization
AU - Li, Min
AU - Zha, Zili
AU - Zang, Wanyu
AU - Yu, Meng
AU - Liu, Peng
AU - Bai, Kun
PY - 2014/1/1
Y1 - 2014/1/1
N2 - Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted Computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.
AB - Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted Computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.
UR - http://www.scopus.com/inward/record.url?scp=84906489485&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84906489485&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-11203-9_18
DO - 10.1007/978-3-319-11203-9_18
M3 - Conference contribution
AN - SCOPUS:84906489485
SN - 9783319112022
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 310
EP - 325
BT - Computer Security, ESORICS 2014 - 19th European Symposium on Research in Computer Security, Proceedings
PB - Springer Verlag
T2 - 19th European Symposium on Research in Computer Security, ESORICS 2014
Y2 - 7 September 2014 through 11 September 2014
ER -