Separation virtual machine monitors

McDermott, John; Montrose, Bruce; Li, Margery; Kirby, James; Kang, Min Woo

doi:10.1145/2420950.2421011

Cited by 9 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hypervisors support COTS operating systems and legacy/diverse applications on specific operating systems. Hypervisors for safety and securitycritical systems have been widely discussed [78,79]. For instance, Xtratum [80] is a typical hypervisor for safety-critical embedded systems.…”

Section: • Arinc 653 Compliant Separation Kernelsmentioning

confidence: 99%

A survey on formal specification and verification of separation kernels

Zhao¹,

Yang

Ma³

2017

Front. Comput. Sci.

View full text Add to dashboard Cite

Separation kernels are fundamental software of safety and security-critical systems, which provide to their hosted applications spatial and temporal separation as well as controlled information flows among partitions. The application of separation kernels in critical domain demands the correctness of the kernel by formal verification. To the best of our knowledge, there is no survey paper on this topic. This paper presents an overview of formal specification and verification of separation kernels. We first present the background including the concept of separation kernel and the comparisons among different kernels. Then, we survey the state of the art on this topic since 2000. Finally, we summarize research work by detailed comparison and discussion.

show abstract

Section: • Arinc 653 Compliant Separation Kernelsmentioning

confidence: 99%

A survey on formal specification and verification of separation kernels

Zhao¹,

Yang

Ma³

2017

Front. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…A defining feature of hypervisor architectures is the arrangement of security rings [4]. A security ring is a hierarchical level of privilege within a computer system [5].…”

Section: Security Ringsmentioning

confidence: 99%

“…The monitoring interface allows external devices to query a hypervisor, receive metrics of system state, prepare virtual machine performance reports, or poll hardware. Attackers would be interested in tapping into the monitoring system and changing reported metrics [4]. They could underreport system load in order to hide illicit activities.…”

Section: Monitoringmentioning

confidence: 99%

Analysis of Monolithic and Microkernel Architectures: Towards Secure Hypervisor Design

Shropshire

2014

2014 47th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

This research focuses on hypervisor security from holistic perspective. It centers on hypervisor architecturethe organization of the various subsystems which collectively compromise a virtualization platform. It holds that the path to a secure hypervisor begins with a big-picture focus on architecture. Unfortunately, little research has been conducted with this perspective. This study investigates the impact of monolithic and microkernel hypervisor architectures on the size and scope of the attack surface. Six architectural features are compared: management API, monitoring interface, hypercalls, interrupts, networking, and I/O. These subsystems are core hypervisor components which could be used as attack vectors. Specific examples and three leading hypervisor platforms are referenced (ESXi for monolithic architecture; Xen and Hyper-V for micro architecture). The results describe the relative strengths and vulnerabilities of both types of architectures. It is concluded that neither design is more secure, since both incorporate security tradeoffs in core processes.

show abstract

“…Candidates include the NRL Xenon hypervisor [9,6,8], which is still in development, and the commercially available Citrix XenClient XT [2]. Announced in May 2011, XenClient XT leverages NSA's Xen Security Modules (XSM) [3] and SELinux, Intel's Virtualization Technology for Directed I/O (VT-d), Extended Page Tables and Trust Platform Module (TPM)/Trusted Execution Technologies (TXT) to improve VM isolation and to provide a root of trust.…”

Section: Layer 1: Trustworthy Vmm To Isolate Vmsmentioning

confidence: 99%