A New Hardware Isolation Architecture

Abstract:

Virtualized systems are usually attacked through vulnerabilities in the hypervisor. The hypervisor itself cannot solve this problem because its code base is too large to implement entirely correctly. This paper proposes a new hardware-software architecture based on hardware isolation, which adds a new component to the CPU to provide hardware-level isolation. Even if malicious code gains the highest software privilege, it cannot break out of its current domain into another domain. The paper also describes the implementation of booting, memory isolation, scheduling, interrupt handling and inter-domain communication.

Pages:

631-636

Online since:

February 2014

Copyright:

© 2014 Trans Tech Publications Ltd. All Rights Reserved
