
Colloquium - Keller

Secure Virtualization for Dependable Cloud Services
University of Pennsylvania
3/22/2012
3:30pm-4:30pm

As we increase our dependence on the network and networked services, the security and reliability of the underlying infrastructure become increasingly important. In this talk I will first discuss, using examples from our work, how virtualization technology can play (and already is playing) a major role in improving the end-to-end infrastructure of networked services -- including the wireless infrastructure people use to connect to the network, the core Internet which enables global communication, and the data centers hosting the services.

Unfortunately, while virtualization as a concept has great security properties, realizing the ideal in practice is difficult. To illustrate this I will discuss hosted cloud computing infrastructures, where a key underlying technology is virtualization. In these infrastructures, the virtualization layer is quite complex and forms a very large trusted computing base that is practically impossible to ship without bugs. A malicious virtual machine (VM) can exploit these bugs to attack the virtualization software. Exploiting such an attack vector would give the attacker the ability to obstruct or access other virtual machines and therefore breach confidentiality, integrity, and availability of the other virtual machines' code or data.

I will present our NoHype architecture where we eliminated the attack surface by going to the extreme of removing the virtualization layer altogether, without sacrificing the key features enabled by virtualization as used in cloud computing infrastructures. As part of booting the VM, NoHype allocates processor cores, physical memory pages, and virtual network interface cards (NICs) to the guest VM, and performs all necessary system discovery. This obviates the need for guest VMs to perform "VM exits" to access services normally provided by a hypervisor. While our NoHype architecture is named to indicate the removal of the hypervisor, it has an intended double meaning that it is "no hype" and that we designed, implemented, and evaluated the NoHype architecture on today's hardware.
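As an added illustration (not code from the talk or from the NoHype project), the libvirt domain definition below shows how a defender can approximate part of the design on a stock KVM host: dedicated physical cores are pinned to the guest, memory is backed by pre-allocated, locked hugepages rather than being paged on demand, and a NIC virtual function is handed to the guest by PCI passthrough instead of being emulated. The PCI address, core numbers and memory size are constructed placeholders; the guest still runs under a hypervisor here, so this only narrows the set of operations that require hypervisor intervention, it does not remove the hypervisor as NoHype does.

```xml
<!-- Added example: libvirt/KVM domain approximating static resource
     assignment. All addresses and numbers are constructed placeholders. -->
<domain type='kvm'>
  <name>dedicated-resource-guest</name>
  <!-- Fixed memory size, backed by hugepages that are allocated and
       locked up front, so the guest's pages are not paged by the host. -->
  <memory unit='GiB'>4</memory>
  <memoryBacking>
    <hugepages/>
    <locked/>
  </memoryBacking>
  <!-- Two vCPUs, each pinned to its own physical core (cores 2 and 3 are
       assumed to be isolated from the host scheduler). -->
  <vcpu placement='static' cpuset='2-3'>2</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='2'/>
    <vcpupin vcpu='1' cpuset='3'/>
  </cputune>
  <!-- Expose the host CPU model directly rather than an emulated one. -->
  <cpu mode='host-passthrough'/>
  <devices>
    <!-- Assign a NIC virtual function (placeholder PCI address) directly
         to the guest, avoiding a hypervisor-emulated network device. -->
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x03' slot='0x10' function='0x1'/>
      </source>
    </hostdev>
  </devices>
</domain>
```

On a real host the cores named in `cpuset` should also be removed from the host scheduler (for example via the kernel's `isolcpus` boot parameter) and the hugepages reserved at boot, otherwise the pinning and memory backing are not actually exclusive.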

Eric Keller is a post-doctoral research associate in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith. He received his PhD in 2011 from the Electrical Engineering department at Princeton University, advised by Jennifer Rexford in the Computer Science department. His research interest is building reliable and secure networked systems, using a cross-layer approach from networking, computer architecture, operating systems, and distributed systems.

Department of Computer Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA