Virtualization Based Secure Execution and Testing Framework
نویسندگان
چکیده
Computer security aims at protecting confidentiality, integrity, and availability of sensitive information that are processed, used, or stored by computing systems. Computer scientists working in the field of computer security have successfully designed and developed software and hardware mechanisms to provide security in modern day computing devices. As compared to hardware security mechanisms, software-only security mechanisms are easy to implement and patch. But software-only security mechanisms cannot ensure protection against hardware-based attacks, thus rendering them vulnerable to such attacks. Hardware mechanism such as secure architectures aim to root the trust of the security solution in the hardware architecture. These security architectures typically deploy security mechanisms like encryption/decryption to protect confidentiality and hashing to protect data integrity. Though the security provided by hardware secure architectures is reliably high, they require modifications to the processor micro-architecture. Any changes to the micro-architecture is an extremely costly and time consuming process. Also, testing these hardware secure architectures is difficult as it requires testing the complete system including hardware, software and applications. Recently, virtualization has emerged to be an efficient and cost effective technology that allows emulating hardware mechanisms. It also enables emulating new hardware features in a virtualized environment. This makes the task of testing security architectures efficient and easy. In this paper, we use a virtualization software to build a Virtualization Based Secure Execution and Testing Framework for testing hardware secure architectures. Our framework provides a mechanism to plug-in secure architectures and monitor or test the system behavior by performing attacks on it.
منابع مشابه
Virtualization Based Security Framework (vBASE)
In general, computer security aims at providing confidentiality, integrity and availability to computing systems. Traditionally, researchers in the fields of computer security have used software and hardware mechanisms for implementing security in computing systems. Software only security approaches typically deal with application level and Operating System (OS) level security mechanisms. Thoug...
متن کاملSecPod: a Framework for Virtualization-based Security Systems
The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memo...
متن کاملSecure-Turtles: Building a Secure Execution Environment for Guest VMs on Turtles System
We propose Secure-Turtle, a secure nested virtual system based on Turtles system, which provides a secure execution environment for the L2 guest VM. In particular, Secure-Turtles system builds a trust chain from L0 host hypervisor, L1 guest hypervisor, qemu-kvm daemon to L2 guest VM. Through this security chain, Secure-Turtles can protect L2 guest VM against attacks form the L1 user mode, even ...
متن کاملAn Energy-Efficient Virtualization-Based Secure Platform for Protecting Sensitive User Data
Currently, the exchange cycles of various computers, smartphones, tablets, and others have become shorter, because new high-performance devices continue to roll out rapidly. However, existing legacy devices are not old-fashioned or obsolete to use. From the perspective of sustainable information technology (IT), energy-efficient virtualization can apply a way to increase reusability for special...
متن کاملDesign and Implementation of a Xen-Based Execution Environment∗
Virtualization is a concept that one cannot think away from computer science anymore. Preface In the last few years the remote execution of applications has gained more and more on importance. This is due to the fact that paradigms like grid computing have been developed. The computation power that is required by a scientist to execute a complex simulation need not to be locally available anymo...
متن کامل