Detangling resource management functions from the tcb in privacy-preserving virtualization

Min Li, Zili Zha, Wanyu Zang, Meng Yu, Peng Liu, Kun Bai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads.

Original languageEnglish (US)
Title of host publicationComputer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings
PublisherSpringer Verlag
Pages310-325
Number of pages16
EditionPART 1
ISBN (Print)9783319112022
DOIs
StatePublished - Jan 1 2014
Event19th European Symposium on Research in Computer Security, ESORICS 2014 - Wroclaw, Poland
Duration: Sep 7 2014Sep 11 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume8712 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th European Symposium on Research in Computer Security, ESORICS 2014
CountryPoland
CityWroclaw
Period9/7/149/11/14

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Detangling resource management functions from the tcb in privacy-preserving virtualization'. Together they form a unique fingerprint.

  • Cite this

    Li, M., Zha, Z., Zang, W., Yu, M., Liu, P., & Bai, K. (2014). Detangling resource management functions from the tcb in privacy-preserving virtualization. In Computer Security, ESORICS 2014 - 19th European Symposium on Research in Compter Security, Proceedings (PART 1 ed., pp. 310-325). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8712 LNCS, No. PART 1). Springer Verlag. https://doi.org/10.1007/978-3-319-11203-9_18