Detangling resource management functions from the tcb in privacy-preserving virtualization

Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.

Original languageEnglish (US)
Title of host publicationComputer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings
PublisherSpringer Verlag
Pages310-325
Number of pages16
EditionPART 1
ISBN (Print)9783319112022
DOIs
StatePublished - Jan 1 2014
Event19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland
Duration: Sep 7 2014Sep 11 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume8712 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th European Symposium on Research in Computer Security, ESORICS 2014
CountryPoland
CityWroclaw
Period9/7/149/11/14

Fingerprint

Trusted Computing
Virtualization
Privacy Preserving
Resource Management
Access Control
Access control
Privacy Protection
Virtual Machine
Resource Allocation
Resource allocation
Privacy
Performance Evaluation
Managers
Flexibility
Prototype
Module
Resources
Architecture
Trusted computing

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Li, M., Zha, Z., Zang, W., Yu, M., Liu, P., & Bai, K. (2014). Detangling resource management functions from the tcb in privacy-preserving virtualization. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings (PART 1 ed., pp. 310-325). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8712 LNCS, No. PART 1). Springer Verlag. https://doi.org/10.1007/978-3-319-11203-9_18
Li, Min ; Zha, Zili ; Zang, Wanyu ; Yu, Meng ; Liu, Peng ; Bai, Kun. / Detangling resource management functions from the tcb in privacy-preserving virtualization. Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1. ed. Springer Verlag, 2014. pp. 310-325 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1).
@inproceedings{12540f7440a54abcabc7b58016a1f4ef,
title = "Detangling resource management functions from the tcb in privacy-preserving virtualization",
abstract = "Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.",
author = "Min Li and Zili Zha and Wanyu Zang and Meng Yu and Peng Liu and Kun Bai",
year = "2014",
month = "1",
day = "1",
doi = "10.1007/978-3-319-11203-9_18",
language = "English (US)",
isbn = "9783319112022",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
number = "PART 1",
pages = "310--325",
booktitle = "Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings",
address = "Germany",
edition = "PART 1",

}

Li, M, Zha, Z, Zang, W, Yu, M, Liu, P & Bai, K 2014, Detangling resource management functions from the tcb in privacy-preserving virtualization. in Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1 edn, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 8712 LNCS, Springer Verlag, pp. 310-325, 19th European Symposium on Research in Computer Security, ESORICS 2014, Wroclaw, Poland, 9/7/14. https://doi.org/10.1007/978-3-319-11203-9_18

Detangling resource management functions from the tcb in privacy-preserving virtualization. / Li, Min; Zha, Zili; Zang, Wanyu; Yu, Meng; Liu, Peng; Bai, Kun.

Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1. ed. Springer Verlag, 2014. p. 310-325 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8712 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Detangling resource management functions from the tcb in privacy-preserving virtualization

AU - Li, Min

AU - Zha, Zili

AU - Zang, Wanyu

AU - Yu, Meng

AU - Liu, Peng

AU - Bai, Kun

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.

AB - Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.

UR - http://www.scopus.com/inward/record.url?scp=84906489485&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84906489485&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-11203-9_18

DO - 10.1007/978-3-319-11203-9_18

M3 - Conference contribution

AN - SCOPUS:84906489485

SN - 9783319112022

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 310

EP - 325

BT - Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings

PB - Springer Verlag

ER -

Li M, Zha Z, Zang W, Yu M, Liu P, Bai K. Detangling resource management functions from the tcb in privacy-preserving virtualization. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings. PART 1 ed. Springer Verlag. 2014. p. 310-325. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). https://doi.org/10.1007/978-3-319-11203-9_18