Bit visor: A thin hypervisor for enforcing i/o device security

Takahiro Shinagawa; Hideki Eiraku; Kouichi Tanimoto; Kazumasa Omote; Shoichi Hasegawa; Takashi Horie; Manabu Hirano; Kenichi Kourai; Yoshihiro Oyama; Eiji Kawai; Kenji Kono; Shigeru Chiba; Yasushi Shinjo; Kazuhiko Kato

doi:10.1145/1508293.1508311

Bit visor: A thin hypervisor for enforcing i/o device security

Takahiro Shinagawa, Hideki Eiraku, Kouichi Tanimoto, Kazumasa Omote, Shoichi Hasegawa, Takashi Horie, Manabu Hirano, Kenichi Kourai, Yoshihiro Oyama, Eiji Kawai, Kenji Kono, Shigeru Chiba, Yasushi Shinjo, Kazuhiko Kato

Department of Information and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

145 Citations (Scopus)

Abstract

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

Original language	English
Title of host publication	Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
Pages	121-130
Number of pages	10
DOIs	https://doi.org/10.1145/1508293.1508311
Publication status	Published - 2009
Event	2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 - Washington, DC, United States Duration: 2009 Mar 11 → 2009 Mar 13

Publication series

Name	Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

Other

Other	2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
Country/Territory	United States
City	Washington, DC
Period	09/3/11 → 09/3/13

Keywords

Hypervisors
Parapass-through
Shadow DMA descriptor
Trusted computing base
Virtual machine monitors

ASJC Scopus subject areas

Artificial Intelligence
Software

Access to Document

10.1145/1508293.1508311

Cite this

Shinagawa, T., Eiraku, H., Tanimoto, K., Omote, K., Hasegawa, S., Horie, T., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y., & Kato, K. (2009). Bit visor: A thin hypervisor for enforcing i/o device security. In Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 (pp. 121-130). (Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09). https://doi.org/10.1145/1508293.1508311

Bit visor : A thin hypervisor for enforcing i/o device security. / Shinagawa, Takahiro; Eiraku, Hideki; Tanimoto, Kouichi et al.

Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09. 2009. p. 121-130 (Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Shinagawa, T, Eiraku, H, Tanimoto, K, Omote, K, Hasegawa, S, Horie, T, Hirano, M, Kourai, K, Oyama, Y, Kawai, E, Kono, K, Chiba, S, Shinjo, Y & Kato, K 2009, Bit visor: A thin hypervisor for enforcing i/o device security. in Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09. Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09, pp. 121-130, 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09, Washington, DC, United States, 09/3/11. https://doi.org/10.1145/1508293.1508311

Shinagawa T, Eiraku H, Tanimoto K, Omote K, Hasegawa S, Horie T et al. Bit visor: A thin hypervisor for enforcing i/o device security. In Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09. 2009. p. 121-130. (Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09). doi: 10.1145/1508293.1508311

Shinagawa, Takahiro ; Eiraku, Hideki ; Tanimoto, Kouichi et al. / Bit visor : A thin hypervisor for enforcing i/o device security. Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09. 2009. pp. 121-130 (Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09).

@inproceedings{64025eec889b4861a335f8eff320348c,

title = "Bit visor: A thin hypervisor for enforcing i/o device security",

abstract = "Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.",

keywords = "Hypervisors, Parapass-through, Shadow DMA descriptor, Trusted computing base, Virtual machine monitors",

author = "Takahiro Shinagawa and Hideki Eiraku and Kouichi Tanimoto and Kazumasa Omote and Shoichi Hasegawa and Takashi Horie and Manabu Hirano and Kenichi Kourai and Yoshihiro Oyama and Eiji Kawai and Kenji Kono and Shigeru Chiba and Yasushi Shinjo and Kazuhiko Kato",

year = "2009",

doi = "10.1145/1508293.1508311",

language = "English",

isbn = "9781605583754",

series = "Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09",

pages = "121--130",

booktitle = "Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09",

note = "2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 ; Conference date: 11-03-2009 Through 13-03-2009",

}

TY - GEN

T1 - Bit visor

T2 - 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

AU - Shinagawa, Takahiro

AU - Eiraku, Hideki

AU - Tanimoto, Kouichi

AU - Omote, Kazumasa

AU - Hasegawa, Shoichi

AU - Horie, Takashi

AU - Hirano, Manabu

AU - Kourai, Kenichi

AU - Oyama, Yoshihiro

AU - Kawai, Eiji

AU - Kono, Kenji

AU - Chiba, Shigeru

AU - Shinjo, Yasushi

AU - Kato, Kazuhiko

PY - 2009

Y1 - 2009

N2 - Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

AB - Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

KW - Hypervisors

KW - Parapass-through

KW - Shadow DMA descriptor

KW - Trusted computing base

KW - Virtual machine monitors

UR - http://www.scopus.com/inward/record.url?scp=67650079952&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67650079952&partnerID=8YFLogxK

U2 - 10.1145/1508293.1508311

DO - 10.1145/1508293.1508311

M3 - Conference contribution

AN - SCOPUS:67650079952

SN - 9781605583754

T3 - Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

SP - 121

EP - 130

BT - Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

Y2 - 11 March 2009 through 13 March 2009

ER -

Bit visor: A thin hypervisor for enforcing i/o device security

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this