As we increase our dependence on the network and networked services,
the security and reliability of the underlying infrastructure become
increasingly important. In this talk I will first discuss, using
examples from our work, how virtualization technology can play (and
already is playing) a great role in improving the end-to-end
infrastructure of networked services -- including the wireless
infrastructure people use to connect to the network, the core Internet
which enables global communication, and the data centers hosting the
services.

Unfortunately, while virtualization as a concept has great security
properties, realizing the ideal in practice is difficult. To illustrate
this I will discuss hosted cloud computing infrastructures, where a key
underlying technology is virtualization. In these infrastructures, the
virtualization layer is quite complex and forms a very large trusted
computing base that is practically impossible to ship without bugs.
A malicious virtual machine (VM) can exploit these bugs to attack the
virtualization software. Exploiting such an attack vector would give
the attacker the ability to obstruct or access other virtual machines
and therefore breach confidentiality, integrity, and availability of
the other virtual machines' code or data.

I will present our NoHype architecture where we eliminated the attack
surface by going to the extreme of removing the virtualization layer
altogether, without sacrificing the key features enabled by virtualization
as used in cloud computing infrastructures. As part of booting the VM,
NoHype allocates processor cores, physical memory pages, and virtual
network interface cards (NICs) to the guest VM, and performs all necessary
system discovery. This obviates the need for guest VMs to perform
"VM exits" to access services normally provided by a hypervisor.
While our NoHype architecture is named to indicate the removal of the
hypervisor, the name has an intended double meaning: it is also "no hype,"
in that we designed, implemented, and evaluated the NoHype architecture on
today's hardware.

Eric Keller is a post-doctoral research associate in the Computer and
Information Science department at the University of Pennsylvania,
working with Jonathan Smith. He received his Ph.D. in 2011 from the
Electrical Engineering department at Princeton University, advised by
Jennifer Rexford in the Computer Science department. His research
interest is building reliable and secure networked systems, using a
cross-layer approach from networking, computer architecture, operating
systems, and distributed systems.