Issue No.05 - September/October (2008 vol.6)
pp: 24-31
Ronald Perez , IBM T.J. Watson Research Center
Leendert van Doorn , Advanced Micro Devices
Reiner Sailer , IBM T.J. Watson Research Center
Hypervisors allow virtualization at the hardware level. These technologies have security-related strengths as well as weaknesses. The authors examine emerging hardware and software virtualization technologies in the context of modern computing environments and requirements.
virtualization, hardware-based security, hypervisors
Ronald Perez, Leendert van Doorn, Reiner Sailer, "Virtualization and Hardware-Based Security", IEEE Security & Privacy, vol.6, no. 5, pp. 24-31, September/October 2008, doi:10.1109/MSP.2008.135