Dissertation/Thesis Abstract

Architectures for secure cloud computing servers
by Szefer, Jakub M., Ph.D., Princeton University, 2013, 355; 3597568
Abstract (Summary)

Cloud computing, enabled by virtualization technologies, has become an important computing paradigm. However, by choosing the cloud computing model, customers give up control, e.g. over the system software, of the servers where their code executes and where their data is stored. In this dissertation, we propose to leverage server hardware to provide protections for the code and data inside a customer's virtual machines on the remote cloud servers. In particular, this dissertation explores a threat that has not been addressed by researchers before -- that of the virtualization (system) software becoming compromised or malicious and attacking other virtual machines on the server. The high-level goal is to make code and data executing in a remote virtual machine as secure as if it were executing inside a customer's own office on a dedicated server, despite the customer's lack of control over the system software.

The first new research direction that we present is our hypervisor-free virtualization, which is realized in the NoHype architecture. Hypervisor-free virtualization takes a novel approach of removing the need for a virtualization layer during a virtual machine's runtime. This eliminates the attack surface from potentially malicious virtual machines to the virtualization layer and reduces the attackers' means for gaining virtualization layer privileges that they could then use to compromise the rest of the system. The hypervisor-free virtualization can be realized on existing hardware.

The second new research direction that we present is our hypervisor-secure virtualization, which is realized in the HyperWall architecture. The architecture proposes new hardware so that an untrusted virtualization layer can dynamically manage server resources, such as memory allocation, while the confidentiality and integrity of the virtual machines' memory are protected.
We also present hardware trust evidence mechanisms, which can be used to attest to the customer configuration and enforcement of protections of their virtual machines. The last part of this dissertation presents a new security verification methodology. Our methodology can be used to help check the correctness of hardware-software security architectures. Performing security verification, which is different from functional verification, can help find security bugs and facilitate committing designs to hardware.

Indexing (document details)
Advisor: Lee, Ruby B.
Committee: Chiang, Mung, Felten, Ed, Jha, Niraj, Rexford, Jennifer
School: Princeton University
Department: Electrical Engineering
School Location: United States -- New Jersey
Source: DAI-B 75/02(E), Dissertation Abstracts International
Subjects: Computer Engineering
Keywords: Cloud computing, Code executes, Computer architecture, Security, Virtual machines
Publication Number: 3597568
ISBN: 978-1-303-45694-7
Copyright © 2020 ProQuest LLC. All rights reserved.