Cloud computing, enabled by virtualization technologies, has become an important computing paradigm. However, by choosing the cloud computing model, customers give up control, e.g. over the system software, of the servers where their code executes and where their data is stored. In this dissertation, we propose to leverage server hardware to provide protections for the code and data inside a customer's virtual machines on the remote cloud servers. In particular, this dissertation explores a threat that has not been addressed by researchers before -- that of the virtualization (system) software becoming compromised or malicious and attacking other virtual machines on the server. The high-level goal is to make code and data executing in a remote virtual machine as secure as if it were executing inside a customer's own office on a dedicated server, despite the customer's lack of control over the system software.

The first new research direction that we present is our hypervisor-free virtualization, which is realized in the NoHype architecture. Hypervisor-free virtualization takes the novel approach of removing the need for a virtualization layer during a virtual machine's runtime. This eliminates the attack surface from potentially malicious virtual machines to the virtualization layer and reduces the attackers' means for gaining virtualization layer privileges that they could then use to compromise the rest of the system. The hypervisor-free virtualization can be realized on existing hardware.

The second new research direction that we present is our hypervisor-secure virtualization, which is realized in the HyperWall architecture. The architecture proposes new hardware so that an untrusted virtualization layer can dynamically manage server resources, such as memory allocation, while the confidentiality and integrity of virtual machines' memory are protected. We also present hardware trust evidence mechanisms, which can be used to attest to the customer configuration and enforcement of protections of their virtual machines.

The last part of this dissertation presents a new security verification methodology. Our methodology can be used to help check the correctness of hardware-software security architectures. Performing security verification, which is different from functional verification, can help find security bugs and facilitate committing designs to hardware.
|Advisor:||Lee, Ruby B.|
|Committee:||Chiang, Mung; Felten, Ed; Jha, Niraj; Rexford, Jennifer|
|School Location:||United States -- New Jersey|
|Source:||DAI-B 75/02(E), Dissertation Abstracts International|
|Keywords:||Cloud computing, Code executes, Computer architecture, Security, Virtual machines|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved