Secure Cloud Computing

Hypervisor-Free Vritualization

NoHype System Overview

Cloud computing is a disruptive trend that is changing the way we use computers and virtualization is the key underlying technology in cloud infrastructures. Unfortunately, the use of virtualization is the source of a significant security concern: multiple virtual machines (VMs) run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious VM has the opportunity to attack the virtualization layer. A successful attack would give the malicious VM control over the all-powerful virtualization layer and potentially compromise the confidentiality and integrity of the virtualization layer and the other VMs. The NoHype system architecture proposes removing the virtualization layer while retaining the key features needed to be able to provide for multi tenancy of VMs. The NoHype architecture is named to indicate the removal of the hypervisor (no hypervisor) but we also try to show that the NoHype architecture may indeed be implementable on today's commodity hardware (not a hype). By removing bulky virtualization layer we propose that the architecture improves security while retaining key functionality to be able to host multiple VMs on same physical hardware.

This is a joint work between Prof. Lee's group and Prof. Rexford's group (CS department).

  1. Eric Keller, Jakub Szefer, Jennifer Rexford, and Ruby B. Lee, "NoHype: Virtualized cloud infrastructure without the virtualization," in proceedings of the International Symposium on Computer Architecture (ISCA 2010), pages 350-357, June 2010.
  2. Jakub Szefer, Eric Keller, Ruby B. Lee and Jennifer Rexford, "Eliminating the Hypervisor Attack Surface for a More Secure Cloud," to appear in Proceedings of the Conference on Computer and Communications Security (CCS 2011), October 2011.

Prototype Implementation

In Progress.

Hypervisor-Secure Virtualization

HyperWall Architecture

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization – a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the Hy- perWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer’s specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the micropro- cessor and memory management units. Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.

  1. Jakub Szefer and Ruby B. Lee, "Architectural Support for Hypervisor-Secure Virtualization," in Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 3–7, 2012.
  2. Jakub Szefer and Ruby B. Lee, "A Case for Hardware Protection of Guest VMs from Compromised Hypervisors in Cloud Computing," in Proceedings of the Second International Workshop on Security and Privacy in Cloud Computing (SPCC), June 20-24, 2011.

Simulation Implementation

In Progress.

FPGA Implementation

In Progress.