瘦安全管理程序的两步执行机制

2009 Third International Conference on Emerging Security Information, Systems and Technologies Pub Date : 2009-06-18 DOI:10.1109/SECURWARE.2009.27

Manabu Hirano, Takahiro Shinagawa, H. Eiraku, Shoichi Hasegawa, Kazumasa Omote, Kouichi Tanimoto, Takashi Horie, Seiji Mune, Kazuhiko Kato, T. Okuda, Eiji Kawai, S. Yamaguchi

{"title":"瘦安全管理程序的两步执行机制","authors":"Manabu Hirano, Takahiro Shinagawa, H. Eiraku, Shoichi Hasegawa, Kazumasa Omote, Kouichi Tanimoto, Takashi Horie, Seiji Mune, Kazuhiko Kato, T. Okuda, Eiji Kawai, S. Yamaguchi","doi":"10.1109/SECURWARE.2009.27","DOIUrl":null,"url":null,"abstract":"Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"A Two-Step Execution Mechanism for Thin Secure Hypervisors\",\"authors\":\"Manabu Hirano, Takahiro Shinagawa, H. Eiraku, Shoichi Hasegawa, Kazumasa Omote, Kouichi Tanimoto, Takashi Horie, Seiji Mune, Kazuhiko Kato, T. Okuda, Eiji Kawai, S. Yamaguchi\",\"doi\":\"10.1109/SECURWARE.2009.27\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.27\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

虚拟机监视器(vmm)，也称为管理程序，可用于构建可信计算基础(TCB)，以增强现有操作系统的安全性。基于虚拟机的TCB的复杂性导致存在较高的安全漏洞风险。因此，本文提出了一种两步执行机制来降低基于虚拟机的TCB的复杂性。我们提出了一种方法，将传统的基于vm的TCB分为以下两部分:(1)具有安全服务的瘦管理程序和(2)用于安全预处理的特殊客户机操作系统。可以提前执行执行安全任务的特殊来宾操作系统。关闭特殊来宾操作系统后，虚拟化环境获取预处理安全数据，然后启动需要保护的目标来宾操作系统。因此，建议的两步执行机制可以减少管理程序的运行时代码。本文展示了利用我们开发的基于虚拟机的TCB BitVisor的设计、原型实现和代码行测试结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Two-Step Execution Mechanism for Thin Secure Hypervisors

Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Third International Conference on Emerging Security Information, Systems and Technologies

自引率

0.00%

发文量