TY - JOUR
AU - Jiang, Xuxian
AB -  Isolating Commodity Hosted Hypervisors with HyperLock Zhi Wang Chiachih Wu Michael Grace Xuxian Jiang Department of Computer Science North Carolina State University {zhi wang, cwu10, mcgrace}@ncsu.edu jiang@cs.ncsu.edu Abstract Hosted hypervisors (e.g., KVM) are being widely deployed. One key reason is that they can effectively take advantage of the mature features and broad user bases of commodity operating systems. However, they are not immune to exploitable software bugs. Particularly, due to the close integration with the host and the unique presence underneath guest virtual machines, a hosted hypervisor “ if compromised “ can also jeopardize the host system and completely take over all guests in the same physical machine. In this paper, we present HyperLock, a systematic approach to strictly isolate privileged, but potentially vulnerable, hosted hypervisors from compromising the host OSs. Speci cally, we provide a secure hypervisor isolation runtime with its own separated address space and a restricted instruction set for safe execution. In addition, we propose another technique, i.e., hypervisor shadowing, to ef ciently create a separate shadow hypervisor and pair it with each guest so that a compromised hypervisor can affect only the paired guest, not others. We have built a proof-ofconcept HyperLock prototype to 
TI - Isolating commodity hosted hypervisors with HyperLock
DA - 2012-04-10
UR - https://www.deepdyve.com/lp/association-for-computing-machinery/isolating-commodity-hosted-hypervisors-with-hyperlock-DCchF0pYVG
DP - DeepDyve
ER -