2009 Third International Conference on Emerging Security Information, Systems and Technologies
A Two-Step Execution Mechanism for Thin Secure Hypervisors
Athens/Glyfada, Greece
June 18-June 23
ISBN: 978-0-7695-3668-2
BibTeX:
@article{10.1109/SECURWARE.2009.27,
  author = {Manabu Hirano and Takahiro Shinagawa and Hideki Eiraku and Shoichi Hasegawa and Kazumasa Omote and Koichi Tanimoto and Takashi Horie and Seiji Mune and Kazuhiko Kato and Takeshi Okuda and Eiji Kawai and Suguru Yamaguchi},
  title = {A Two-Step Execution Mechanism for Thin Secure Hypervisors},
  journal = {2010 Fourth International Conference on Emerging Security Information, Systems and Technologies},
  volume = {0},
  year = {2009},
  isbn = {978-0-7695-3668-2},
  pages = {129-135},
  doi = {http://doi.ieeecomputersociety.org/10.1109/SECURWARE.2009.27},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
}
Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) that enhances the security of existing operating systems. The complexity of a VMM-based TCB, however, creates a high risk of security vulnerabilities. This paper therefore proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) a thin hypervisor with security services and (2) a special guest OS for security preprocessing. The special guest OS, which performs security tasks, can be executed in advance. After the special guest OS shuts down, the hypervisor obtains the security data produced by preprocessing and then boots the target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce the run-time code of a hypervisor. This paper presents a design, a prototype implementation, and lines-of-code measurements using BitVisor, a VMM-based TCB we have developed.
Index Terms:
Virtual machine monitor, VMM, Hypervisor, Security, Trusted Computing Base, TCB, ID management
Citation:
Manabu Hirano, Takahiro Shinagawa, Hideki Eiraku, Shoichi Hasegawa, Kazumasa Omote, Koichi Tanimoto, Takashi Horie, Seiji Mune, Kazuhiko Kato, Takeshi Okuda, Eiji Kawai, Suguru Yamaguchi, "A Two-Step Execution Mechanism for Thin Secure Hypervisors," securware, pp.129-135, 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009
