Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities

Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities

Hypervision is being widely implemented in an effort to control costs and to simplify management through consolidation of servers. It has been recently unraveled that well over a third of virtualization vulnerabilities reside in the hyper-visor, mostly due to hypervisor escape. The exploitation of t...

Full description

Saved in:
Bibliographic Details
Published in:2015 IEEE 13th International Conference on Industrial Informatics (INDIN) pp. 1394 - 1399
Main Authors: Dubrulle, P., Sirdey, R., Dore, P., Aichouch, M., Ohayon, E.
Format: Conference Proceeding
Language:English
Published: IEEE 01-07-2015
Subjects:
Hardware
Loading
Memory management
Registers
Software
Virtual machine monitors
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Hypervision is being widely implemented in an effort to control costs and to simplify management through consolidation of servers. It has been recently unraveled that well over a third of virtualization vulnerabilities reside in the hyper-visor, mostly due to hypervisor escape. The exploitation of these vulnerabilities allows an attacker, among other things, to access and/or modify data of other Virtual Machines (VMs) by escaping from its VM and executing malicious code in the hypervisor. This paper introduces the general idea of blind hypervision, a hardware/software co-design to prevent such attackers to access private elements of other VMs. Blind hypervision limits the rights of the hypervisor regarding memory access, so that a malicious agent executing with hypervisor rights cannot access the data of the VMs.
ISSN:1935-4576
2378-363X
DOI:10.1109/INDIN.2015.7281938