BitVisor: A thin hypervisor for enforcing I/O device security

Takahiro Shinagawa, Hideki Eiraku, Kouichi Tanimoto, Kazumasa Omote, Shoichi Hasegawa, Takashi Horie, Manabu Hirano, Kenichi Kourai, Yoshihiro Oyama, Eiji Kawai, Kenji Kono, Shigeru Chiba, Yasushi Shinjo, Kazuhiko Kato

Research output: Conference contribution

138 Citations (Scopus)

Abstract

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), enlarging the code size of and reducing the reliability of the VMMs. This paper introduces a hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of components in the hypervisor to provide virtual devices. This architecture also allows only a single VM to run on it, eliminating the components for sharing and protecting system resources among VMs. We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC respectively.

Original language: English
Title of host publication: Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
Pages: 121-130
Number of pages: 10
DOI
Publication status: Published - 2009/7/14
Event: 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09 - Washington, DC, United States
Duration: 2009/3/11 to 2009/3/13

Publication series

Name: Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09

Other

Other: 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE'09
Country/Territory: United States
City: Washington, DC
Period: 09/3/11 to 09/3/13

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
