The Community for Technology Leaders
RSS Icon
Issue No.05 - September/October (2008 vol.6)
pp: 16-23
Paul A. Karger , IBM's T.J. Watson Research Center
David R. Safford , IBM's T.J. Watson Research Center
Modern I/O architectures are quite complex, so keeping a virtual machine monitor (VMM), or hypervisor, small is difficult. Many current hypervisors move the large, complex, and sometimes proprietary device drivers out of the VMM into one or more partitions, leading to inherent problems in complexity, security, and performance.
virtual machine monitors, hypervisors, security, I/O performance, I/O security, virtualization
Paul A. Karger, David R. Safford, "I/O for Virtual Machine Monitors: Security and Performance Issues", IEEE Security & Privacy, vol.6, no. 5, pp. 16-23, September/October 2008, doi:10.1109/MSP.2008.119
1. Certification Report for PR/SM LPAR for the IBM System z9 Enterprise Class and the IBM System z9 Business Class, BSI-DSZ-CC-0378-2006, Bundesamt für Sicherheit in der Informationstechnik, 2006; 0378a.pdf.
2. G.J. Popek and C.S. Kline, "The PDP-11 Virtual Machine Architecture: A Case Study," Proc. 5th ACM Symp. Operating Systems Principles, vol. 9, no. 5, 1975, pp. 97–105.
3. M.D. Vahey, A Virtualizer Efficiency Device, master's thesis, Dept. Computer Science, Univ. of California, Los Angeles, 1975.
4. P. Barham et al., "Xen and the Art of Virtualization," Proc. 19th ACM Symp. Operating Systems Principles (SOSP 03), ACM Press, 2003; 2003-xensosp.pdf.
5. B.D. Gold et al., "A Security Retrofit of VM/370," AFIPS Conf. Proc., vol. 48, AFIPS Press, 1979, pp. 335–344.
6. P.A. Karger et al., "A Retrospective on the VAX VMM Security Kernel," IEEE Trans. Software Eng., vol. 17, no. 11, 1991, pp. 1147–1165.
7. T.L. Borden, J.P. Hennessy, and J.W. Rymarczyk, "Multiple Operating Systems on One Processor Complex," IBM Systems J., vol. 28, no. 1, 1989, pp. 104–123.
8. J. Alves-Foss, C. Taylor, and P. Oman, "A Multi-Layered Approach to Security in High Assurance Systems," Proc. 37th Hawaii Int'l Conf. System Sciences, IEEE CS Press, 2004, p. 90302.2b; hicss/2004/2056/09205690302b.pdf.
9. W.M. Vanfleet et al., "MILS: Architecture for High-Assurance Embedded Computing" Crosstalk: J. Defense Software Eng., vol. 18, no. 8, 2005, pp. 12–16; .
10. D.J. Bernstein, "Cache-Timing Attacks on AES," Univ. of Illinois at Chicago, 2005; .
11. C. Percival, Cache Missing for Fun and Profit, 2005;
12. O. Aciiçmez, Ç.K. Koç, and J.-P. Seifert, "On the Power of Simple Branch Prediction Analysis," Proc. ACM Symp. Information, Computer and Communications Security, 2007, pp. 312–320; .
13. O. Aciiçmez, Ç.K. Koç, and J.-P. Seifert, "Predicting Secret Keys via Branch Prediction," Topics in Cryptology—CT-RSA 2007, LNCS 4377, Springer, 2007, pp. 225–242; .
14. P.A. Karger and H. Kurth, "Increased Information Flow Needs for High-Assurance Composite Evaluations," Proc. 2nd IEEE Int'l Information Assurance Workshop, IEEE CS Press, 2004, pp. 129–140.
15. P.A. Karger, "Multi-Level Security Requirements for Hypervisors," Proc. 21st Ann. Computer Security Applications Conf., IEEE CS Press, 2005, pp. 240–248.
16. W.-M. Hu, "Reducing Timing Channels with Fuzzy Time," Proc. 1991 IEEE Symp. Research in Security and Privacy, IEEE Press, 1991, pp. 8–20.
17. K. Bauer et al., "Low-Resource Routing Attacks against Tor," Proc. 2007 ACM Workshop Privacy in Electronic Society, , ACM Press, 2007, pp. 11–20; paperswpes25-bauer.pdf.
18. M.B Schaefer et al., "Program Confinement in KVM/370," Proc. ACM Annual Conf., ACM Press, 1977, pp. 404–410.
19. S.W. Smith and D. Safford, "Practical Server Privacy with Secure Coprocessors," IBM Systems J., vol. 40, no. 3, 2001, pp. 683–695.
20. A. Kivity et al., "KVM: The Linux Virtual Machine Monitor," Proc. Linux Symp., vol. 1, 2007, pp. 225–230; .
21. High-bandwidth Digital Content Protection System, rev. 1.3, Digital Content Protection, 2006; 8006F925-129D-4C12-C87899B5A76EF5C3HDCP_Specification%20Rev1_3.pdf .
22. J. Picciotto and J. Epstein, "A Comparison of Trusted X Security Policies, Architectures, and Interoperability," Proc. 8th Ann. Computer Security Applications Conf., IEEE CS Press, 1992, pp. 142–152.
23. AMD I/O Virtualization Technology (IOMMU) Specification, publication no. 34434, Advanced Micro Devices, 2006; 34434.pdf.
24. J. Humphreys and T. Grieser, "Mainstreaming Server Virtualization: The Intel Approach," IDC, 2006; .
25. AMD64 Virtualization Codenamed "Pacifica" Technology: Secure Virtual Machine Architecture Reference Manual, publication no. 33047, rev. 3.01, Advanced Micro Devices, 2005; 33047.pdf.
26. Intel Virtualization Technology Specification for the IA-32 Intel Architecture, C97063-002, Intel, 2005.
27. J.S. Hall and P.T. Robinson, "Virtualizing the VAX Architecture," Proc. 18th Int'l Symp. Computer Architecture, 1991, pp. 380–389.
28. J. Nakajima and A.K. Mallick, "Hybrid-Virtualization—Enhanced Virtualization for Linux," Proc. Linux Symp., vol. 2, 2007, pp. 87–96; .
29. A. Menon et al., "Diagnosing Performance Overheads in the Xen Virtual Machine Environment," First ACM/Usenix Conf. on Virtual Execution Environments, 2005, pp. 13–23; .
30. X. Zhang et al., "XenSocket: A High-Throughput Interdomain Transport for Virtual Machines," ACM/IFIP/USENIX 8th Int'l Middleware Conf., LNCS 4834, Springer, 2007, pp. 184–203.
31. P.A. Karger, Improving Security and Performance for Capability Systems, Computer Laboratory tech. report no. 149, Univ. of Cambridge, 1988; pages/karger.pubs.html/ $FILEtrthesis.pdf.
2598 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool