{"title":"UVBond:支持用户与虚拟机的强绑定,用于半信任云环境下的安全远程管理","authors":"Keisuke Inokuchi, Kenichi Kourai","doi":"10.1109/UCC.2018.00030","DOIUrl":null,"url":null,"abstract":"In Infrastructure-as-a-Service (IaaS) clouds, remote users access provided virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all the cloud operators are trusted in semi-trusted clouds. They can execute arbitrary management commands to users' VMs and redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to enforce the execution of only users' management commands to their VMs. In this paper, we propose UVBond for strongly binding users to their VMs to solve this problem. UVBond boots user's VM by decrypting its encrypted disk inside the trusted hypervisor. Then it issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.","PeriodicalId":288232,"journal":{"name":"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)","volume":"3 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"UVBond: Strong User Binding to VMs for Secure Remote Management in Semi-Trusted Clouds\",\"authors\":\"Keisuke Inokuchi, Kenichi Kourai\",\"doi\":\"10.1109/UCC.2018.00030\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In Infrastructure-as-a-Service (IaaS) clouds, remote users access provided virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all the cloud operators are trusted in semi-trusted clouds. They can execute arbitrary management commands to users' VMs and redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to enforce the execution of only users' management commands to their VMs. In this paper, we propose UVBond for strongly binding users to their VMs to solve this problem. UVBond boots user's VM by decrypting its encrypted disk inside the trusted hypervisor. Then it issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.\",\"PeriodicalId\":288232,\"journal\":{\"name\":\"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)\",\"volume\":\"3 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/UCC.2018.00030\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE/ACM 11th International Conference on Utility and Cloud Computing (UCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/UCC.2018.00030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
UVBond: Strong User Binding to VMs for Secure Remote Management in Semi-Trusted Clouds
In Infrastructure-as-a-Service (IaaS) clouds, remote users access provided virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all the cloud operators are trusted in semi-trusted clouds. They can execute arbitrary management commands to users' VMs and redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to enforce the execution of only users' management commands to their VMs. In this paper, we propose UVBond for strongly binding users to their VMs to solve this problem. UVBond boots user's VM by decrypting its encrypted disk inside the trusted hypervisor. Then it issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
