HyperDomain: Enabling Inspection of Malicious VMM's Misbehavior

Bibliographic Details
Published in 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications pp. 588 - 595
Main Authors Wenyin Yang, Li Ma
Format Conference Proceeding
Language English
Published IEEE 01.06.2012
Summary: Virtualization enables the popularization of cloud computing on the one hand, and naturally becomes the security base of cloud computing on the other hand. Nowadays, most of the existing researches focus on the security protection of Virtual Machine (VM) which is ensured by the Virtual Machine Monitor (VMM) provided by Cloud Service Provider. Nevertheless, it's easily neglected that the VMM is a potential malware, which may threaten the confidentiality of VM's data without users' awareness. In this paper, we present HyperDomain, a framework implemented with hardware components and a security VM, aiming to guarantee the confidentiality of data on the memory through verification and measurement of VMM's related operations. Besides, in order to ensure the normal operation of HyperDomain, self-protection mechanisms, including secret communication scheme and capability enhancement of security VM, are introduced. The security analysis shows that the inspection of VMM's misbehavior is effective to defend against the attacks to memory data, and to inform the guest VMs about the illegal operation. In addition, the auxiliary HyperDomain self-protection approaches are proved to be valid for eavesdropping and interruption attacks defense.
ISBN: 9781467321723, 1467321729
ISSN: 2324-898X, 2324-9013
DOI: 10.1109/TrustCom.2012.178