Secure Virtualization for Dependable Cloud Services
Wednesday, March 14, 2012, 11:00 am-12:00 pm
Abstract

As we increase our dependence on the network and networked services,
the security and reliability of the underlying infrastructure become
increasingly important.  In this talk I will first discuss, using
examples from our work, how virtualization technology can play (and 
already is playing) a great role in improving the end-to-end 
infrastructure of networked services -- including the wireless 
infrastructure people use to connect to the network, the core Internet 
which enables global communication, and the data centers hosting the 
services.

Unfortunately, while virtualization as a concept has great security 
properties, realizing the ideal in practice is difficult.  To illustrate 
this I will discuss hosted cloud computing infrastructures, where a key 
underlying technology is virtualization.  In these infrastructures, the 
virtualization layer is quite complex and forms a very large trusted 
computing base that is practically impossible to ship without bugs. 
A malicious virtual machine (VM) can exploit these bugs to attack the 
virtualization software. Exploiting such an attack vector would give 
the attacker the ability to obstruct or access other virtual machines 
and therefore breach confidentiality, integrity, and availability of 
the other virtual machines' code or data.

I will present our NoHype architecture where we eliminated the attack 
surface by going to the extreme of removing the virtualization layer 
altogether, without sacrificing the key features enabled by virtualization 
as used in cloud computing infrastructures.  As part of booting the VM, 
NoHype allocates processor cores, physical memory pages, and virtual 
network interface cards (NICs) to the guest VM, and performs all necessary 
system discovery. This obviates the need for guest VMs to perform 
"VM exits" to access services normally provided by a hypervisor. 
While our NoHype architecture is named to indicate the removal of the
hypervisor, the name has an intended double meaning: it is also "no hype,"
in that we designed, implemented, and evaluated the NoHype architecture on
today's hardware.

Bio

Eric Keller is a post-doctoral research associate in the Computer and 
Information Science department at the University of Pennsylvania, 
working with Jonathan Smith.  He received his Ph.D. in 2011 from the 
Electrical Engineering department at Princeton University, advised by 
Jennifer Rexford in the Computer Science department.  His research 
interest is building reliable and secure networked systems, using a 
cross-layer approach from networking, computer architecture, operating 
systems, and distributed systems. 

This talk is organized by Mike Hicks