DOI: 10.1145/1508293.1508311
research-article

BitVisor: a thin hypervisor for enforcing i/o device security

Published: 11 March 2009

ABSTRACT

Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing various security functionalities. However, traditional VMMs require numerous components for providing virtual hardware devices and for sharing and protecting system resources among virtual machines (VMs), which enlarges the code size and reduces the reliability of the VMMs.

This paper introduces a hypervisor architecture, called parapass-through, designed to minimize the code size of hypervisors by allowing most of the I/O access from the guest operating system (OS) to pass through the hypervisor, while the minimum access necessary to implement security functionalities is completely mediated by the hypervisor. This architecture uses device drivers of the guest OS to handle devices, thereby reducing the size of the hypervisor components that provide virtual devices. This architecture also allows only a single VM to run on it, eliminating the components for sharing and protecting system resources among VMs.

We implemented a hypervisor called BitVisor and a parapass-through driver for enforcing storage encryption of ATA devices based on the parapass-through architecture. The experimental result reveals that the hypervisor and ATA driver require approximately 20 kilo lines of code (KLOC) and 1.4 KLOC, respectively.

Published in

VEE '09: Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
March 2009
148 pages
ISBN: 9781605583754
DOI: 10.1145/1508293

Copyright © 2009 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 80 of 235 submissions, 34%
