通过内存管理保护客户信息免受恶意操作的云架构

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2014-03-03 DOI:10.1145/2557547.2557585

Koki Murakami, T. Yamada, R. Yamaguchi, M. Goshima, S. Sakai

{"title":"通过内存管理保护客户信息免受恶意操作的云架构","authors":"Koki Murakami, T. Yamada, R. Yamaguchi, M. Goshima, S. Sakai","doi":"10.1145/2557547.2557585","DOIUrl":null,"url":null,"abstract":"We introduce a novel cloud computing architecture that ensures privacy for guest's information and computation. In conventional cloud architecture, a security policy proposed by a provider only ensured the protection of guest's information. This enabled malicious operators to steal or modify guest's information. Our architecture protects guest's information with novel memory management function of hypervisor from malicious operators. Cloud computing generally relies on virtualization, and VMM or hypervisor maintains page table for interfering VM's memory accesses, which is called shadow page table. Our hypervisor regulates memory accesses by management VM by adding a authority bit to shadow page table entry. Our architecture also prohibits a theft of guest's information when it is stored in storage by encrypting data when they leave memory.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"11 1","pages":"155-158"},"PeriodicalIF":0.0000,"publicationDate":"2014-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"A cloud architecture for protecting guest's information from malicious operators with memory management\",\"authors\":\"Koki Murakami, T. Yamada, R. Yamaguchi, M. Goshima, S. Sakai\",\"doi\":\"10.1145/2557547.2557585\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We introduce a novel cloud computing architecture that ensures privacy for guest's information and computation. In conventional cloud architecture, a security policy proposed by a provider only ensured the protection of guest's information. This enabled malicious operators to steal or modify guest's information. Our architecture protects guest's information with novel memory management function of hypervisor from malicious operators. Cloud computing generally relies on virtualization, and VMM or hypervisor maintains page table for interfering VM's memory accesses, which is called shadow page table. Our hypervisor regulates memory accesses by management VM by adding a authority bit to shadow page table entry. Our architecture also prohibits a theft of guest's information when it is stored in storage by encrypting data when they leave memory.\",\"PeriodicalId\":90472,\"journal\":{\"name\":\"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy\",\"volume\":\"11 1\",\"pages\":\"155-158\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2557547.2557585\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2557547.2557585","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

我们引入了一种新颖的云计算架构，确保客人的信息和计算的隐私。在传统的云架构中，供应商提出的安全策略只能保证对客户信息的保护。这使得恶意的操作员可以窃取或修改客户的信息。我们的架构通过虚拟机管理程序的新颖内存管理功能保护客户信息免受恶意操作。云计算通常依赖于虚拟化，VMM或hypervisor维护着干扰VM内存访问的页表，称为影子页表。我们的虚拟机监控程序通过向影子页表项添加一个权限位来管理VM的内存访问。我们的架构还禁止窃取客人的信息，当它被存储在存储时，通过加密数据，当他们离开内存。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A cloud architecture for protecting guest's information from malicious operators with memory management

We introduce a novel cloud computing architecture that ensures privacy for guest's information and computation. In conventional cloud architecture, a security policy proposed by a provider only ensured the protection of guest's information. This enabled malicious operators to steal or modify guest's information. Our architecture protects guest's information with novel memory management function of hypervisor from malicious operators. Cloud computing generally relies on virtualization, and VMM or hypervisor maintains page table for interfering VM's memory accesses, which is called shadow page table. Our hypervisor regulates memory accesses by management VM by adding a authority bit to shadow page table entry. Our architecture also prohibits a theft of guest's information when it is stored in storage by encrypting data when they leave memory.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy

自引率

0.00%

发文量