Title :
A Trusted Virtual Machine in an Untrusted Management Environment
Author :
Li, Chunxiao ; Raghunathan, Anand ; Jha, Niraj K.
Author_Institution :
Dept. of Electr. Eng., Princeton Univ., Princeton, NJ, USA
Abstract :
Virtualization is a rapidly evolving technology that can be used to provide a range of benefits to computing systems, including improved resource utilization, software portability, and reliability. Virtualization also has the potential to enhance security by providing isolated execution environments for different applications that require different levels of security. For security-critical applications, it is highly desirable to have a small trusted computing base (TCB), since it minimizes the surface of attacks that could jeopardize the security of the entire system. In traditional virtualization architectures, the TCB for an application includes not only the hardware and the virtual machine monitor (VMM), but also the whole management operating system (OS) that contains the device drivers and virtual machine (VM) management functionality. For many applications, it is not acceptable to trust this management OS, due to its large code base and abundance of vulnerabilities. For example, consider the "computing-as-a-service" scenario where remote users execute a guest OS and applications inside a VM on a remote computing platform. It would be preferable for many users to utilize such a computing service without being forced to trust the management OS on the remote platform. In this paper, we address the problem of providing a secure execution environment on a virtualized computing platform under the assumption of an untrusted management OS. We propose a secure virtualization architecture that provides a secure runtime environment, network interface, and secondary storage for a guest VM. The proposed architecture significantly reduces the TCB of security-critical guest VMs, leading to improved security in an untrusted management environment. We have implemented a prototype of the proposed approach using the Xen virtualization system, and demonstrated how it can be used to facilitate secure remote computing services. We evaluate the performance penalties incurred by the proposed architecture, and demonstrate that the penalties are minimal.
Keywords :
network interfaces; operating systems (computers); resource allocation; security of data; software reliability; trusted computing; virtual machines; virtualisation; TCB; VM management functionality; VMM; Xen virtualization system; code base; computing system; computing-as-a-service; device driver; management OS; management operating system; network interface; reliability; remote computing platform; remote computing service; resource utilization; secondary storage; secure execution environment; secure runtime environment; secure virtualization architecture; security-critical application; software portability; trusted computing base; trusted virtual machine; untrusted management environment; virtual machine management; virtual machine monitor; virtualized computing platform; Cloud computing; Computer security; Driver circuits; Memory management; Virtual machine monitors; Virtual machine; cloud computing; computing-as-a-service; memory protection; trusted computing base;
Journal_Title :
Services Computing, IEEE Transactions on
DOI :
10.1109/TSC.2011.30