Bit visor: A thin hypervisor for enforcing i/o device security

Takahiro Shinagawa, Hideki Eiraku, Kouichi Tanimoto, Kazumasa Omote, Shoichi Hasegawa, Takashi Horie, Manabu Hirano, Kenichi Kourai, Yoshihiro Oyama, Eiji Kawai, Kenji Kono, Shigeru Chiba, Yasushi Shinjo, Kazuhiko Kato

Research output: Chapter in Book/Report/Conference proceedingConference contribution

121 Citations (Scopus)

Abstract

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapassthrough, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass-through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows to run only single VM on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

Original languageEnglish
Title of host publicationProceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
Pages121-130
Number of pages10
DOIs
Publication statusPublished - 2009 Jul 14
Event2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 - Washington, DC, United States
Duration: 2009 Mar 112009 Mar 13

Publication series

NameProceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

Other

Other2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
CountryUnited States
CityWashington, DC
Period09/3/1109/3/13

Keywords

  • Hypervisors
  • Parapass-through
  • Shadow DMA descriptor
  • Trusted computing base
  • Virtual machine monitors

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software

Fingerprint Dive into the research topics of 'Bit visor: A thin hypervisor for enforcing i/o device security'. Together they form a unique fingerprint.

  • Cite this

    Shinagawa, T., Eiraku, H., Tanimoto, K., Omote, K., Hasegawa, S., Horie, T., Hirano, M., Kourai, K., Oyama, Y., Kawai, E., Kono, K., Chiba, S., Shinjo, Y., & Kato, K. (2009). Bit visor: A thin hypervisor for enforcing i/o device security. In Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 (pp. 121-130). (Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09). https://doi.org/10.1145/1508293.1508311