Title :
Secure MMU: Architectural support for memory isolation among virtual machines
Author :
Jin, Seongwook ; Huh, Jaehyuk
Author_Institution :
Comput. Sci., KAIST (Korea Adanced Inst. of Sci. & Technol.), Daejeon, South Korea
Abstract :
In conventional virtualized systems, a hypervisor can access the memory pages of guest virtual machines without any restriction, as the hypervisor has a full control over the address translation mechanism. In this paper, we propose Secure MMU, a hardware-based mechanism to isolate the memory of guest virtual machines from unauthorized accesses even from the hypervisor. The proposed mechanism extends the current nested paging support for virtualization with a small hardware cost. With Secure MMU, the hypervisor can flexibly allocate physical memory pages to virtual machines for resource management, but update nested page tables only through the secure hardware mechanism, which verifies each mapping change. With the hardware-rooted memory isolation among virtual machines, the memory of a virtual machine in cloud computing can be securely protected from a compromised hypervisor or co-tenant virtual machines.
Keywords :
authorisation; cloud computing; resource allocation; storage allocation; virtual machines; virtual storage; virtualisation; address translation mechanism; cloud computing; cotenant virtual machine; guest virtual machines; hardware rooted memory isolation; hypervisor; mapping change verification; nested paging support; physical memory page allocation; resource management; secure MMU; secure hardware mechanism; unauthorized access; virtualization; Cryptography; Hardware; Memory management; Program processors; Registers; Virtual machine monitors; Virtual machining;
Conference_Titel :
Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4577-0374-4
Electronic_ISBN :
978-1-4577-0373-7
DOI :
10.1109/DSNW.2011.5958816
