Yue-hua Dai, Xiaoguang Wang, Yi Shi, Jianbao Ren, Yong Qi
{"title":"为安全的云隔离安全的执行环境","authors":"Yue-hua Dai, Xiaoguang Wang, Yi Shi, Jianbao Ren, Yong Qi","doi":"10.1109/ICCChina.2012.6356995","DOIUrl":null,"url":null,"abstract":"The use of virtualization in cloud computing is becoming more and more popular. Cloud service providers leverage virtualization technology to multiplex hardware resource, consolidate servers, and provide a rounded executing environment to remote cloud users. However, the current executing environment the cloud provides is not trustable. For a user's computing environment faces threats from other malicious cloud users who aim at attacking the whole underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we make an analysis of the potential threat to a commodity hyper-visor, and propose architecture for safe executing environment on hardware-sharing platform. The main ideas of our architecture are: removal of interaction between hypervisor and executing environment; attestation of the initial environment state to remote user. To prove the effectiveness of our architecture, we build a prototype system which can create multiple secure isolated executing environment on current multi-core x86 hardware. The final evaluation shows that with current commodity virtualization techniques, we can provide a safe executing environment for remote cloud users with no performance overhead.","PeriodicalId":154082,"journal":{"name":"2012 1st IEEE International Conference on Communications in China (ICCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Isolate secure executing environment for a safe cloud\",\"authors\":\"Yue-hua Dai, Xiaoguang Wang, Yi Shi, Jianbao Ren, Yong Qi\",\"doi\":\"10.1109/ICCChina.2012.6356995\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The use of virtualization in cloud computing is becoming more and more popular. Cloud service providers leverage virtualization technology to multiplex hardware resource, consolidate servers, and provide a rounded executing environment to remote cloud users. However, the current executing environment the cloud provides is not trustable. For a user's computing environment faces threats from other malicious cloud users who aim at attacking the whole underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we make an analysis of the potential threat to a commodity hyper-visor, and propose architecture for safe executing environment on hardware-sharing platform. The main ideas of our architecture are: removal of interaction between hypervisor and executing environment; attestation of the initial environment state to remote user. To prove the effectiveness of our architecture, we build a prototype system which can create multiple secure isolated executing environment on current multi-core x86 hardware. The final evaluation shows that with current commodity virtualization techniques, we can provide a safe executing environment for remote cloud users with no performance overhead.\",\"PeriodicalId\":154082,\"journal\":{\"name\":\"2012 1st IEEE International Conference on Communications in China (ICCC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 1st IEEE International Conference on Communications in China (ICCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCChina.2012.6356995\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 1st IEEE International Conference on Communications in China (ICCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCChina.2012.6356995","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Isolate secure executing environment for a safe cloud
The use of virtualization in cloud computing is becoming more and more popular. Cloud service providers leverage virtualization technology to multiplex hardware resource, consolidate servers, and provide a rounded executing environment to remote cloud users. However, the current executing environment the cloud provides is not trustable. For a user's computing environment faces threats from other malicious cloud users who aim at attacking the whole underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we make an analysis of the potential threat to a commodity hyper-visor, and propose architecture for safe executing environment on hardware-sharing platform. The main ideas of our architecture are: removal of interaction between hypervisor and executing environment; attestation of the initial environment state to remote user. To prove the effectiveness of our architecture, we build a prototype system which can create multiple secure isolated executing environment on current multi-core x86 hardware. The final evaluation shows that with current commodity virtualization techniques, we can provide a safe executing environment for remote cloud users with no performance overhead.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
