Department of Computer Science University of Colorado Boulder

Colloquium - Keller

ECCR 265

Secure Virtualization for Dependable Cloud Services
University of Pennsylvania

As we increase our dependence on the network and networked services, the security and reliability of the underlying infrastructure become increasingly important. In this talk I will first discuss, using examples from our work, how virtualization technology can play (and already is playing) a great role in improving the end-to-end infrastructure of networked services -- including the wireless infrastructure people use to connect to the network, the core Internet which enables global communication, and the data centers hosting the services.

Unfortunately, while virtualization as a concept has great security properties, realizing the ideal in practice is difficult. To illustrate this I will discuss hosted cloud computing infrastructures, where a key underlying technology is virtualization. In these infrastructures, the virtualization layer is quite complex and forms a very large trusted computing base that is practically impossible to ship without bugs. A malicious virtual machine (VM) can exploit these bugs to attack the virtualization software. Exploiting such an attack vector would give the attacker the ability to obstruct or access other virtual machines and therefore breach confidentiality, integrity, and availability of the other virtual machines' code or data.

I will present our NoHype architecture where we eliminated the attack surface by going to the extreme of removing the virtualization layer altogether, without sacrificing the key features enabled by virtualization as used in cloud computing infrastructures. As part of booting the VM, NoHype allocates processor cores, physical memory pages, and virtual network interface cards (NICs) to the guest VM, and performs all necessary system discovery. This obviates the need for guest VMs to perform "VM exits" to access services normally provided by a hypervisor. While our NoHype architecture is named to indicate the removal of the hypervisor, it has an intended double meaning that it is "no hype" and that we designed, implemented, and evaluated the NoHype architecture on today's hardware.

Eric Keller is a post-doctoral research associate in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith. He received his PhD in 2011 from the Electrical Engineering department at Princeton University, advised by Jennifer Rexford in the Computer Science department. His research interest is building reliable and secure networked systems, using a cross-layer approach from networking, computer architecture, operating systems, and distributed systems.

The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

Department of Computer Science
College of Engineering and Applied Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA

Engineering Center Office Tower
ECOT 717
FAX +1-303-492-2844
©2012 Regents of the University of Colorado
May 5, 2012 (13:29)