Recent research has developed virtualization architectures to protect the privacy of guest virtual machines. The key technology is to include an access control matrix in the hypervisor. However, existing approaches have either limited functionalities in the hypervisor or a Trusted computing Base (TCB) which is too large to secure. In this paper, we propose a new architecture, MyCloud SEP, to separate resource allocation and management from the hypervisor in order to reduce the TCB size while supporting privacy protection. In our design, the hypervisor checks all resource accesses against an access control matrix in the hypervisor. While providing flexibility of plugging-in resource management modules, the size of TCB is significantly reduced compared with commercial hypervisors. Using virtual disk manager as an example, we implement a prototype on x86 architecture. The performance evaluation results also show acceptable overheads. © 2014 Springer International Publishing Switzerland.
CITATION STYLE
Li, M., Zha, Z., Zang, W., Yu, M., Liu, P., & Bai, K. (2014). Detangling resource management functions from the tcb in privacy-preserving virtualization. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8712 LNCS, pp. 310–325). Springer Verlag. https://doi.org/10.1007/978-3-319-11203-9_18
Mendeley helps you to discover research relevant for your work.