Secure Guest Virtual Machine Support in Apparition (VEE 2019 - Research Papers)

Who

Ethan Johnson, Komail Dharsee, John Criswell

Track

VEE 2019 Research Papers

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Sun 14 Apr 2019 10:25 - 10:50 at Garden Room - Session1

Abstract

Recent research utilizing Secure Virtual Architecture (SVA) has demonstrated that compiler-based virtual machines can protect applications from side-channel attacks launched by compromised operating system kernels. However, SVA provides no instructions for using hardware virtualization features such as Intel's Virtual Machine Extensions (VMX) and AMD's Secure Virtual Machine (SVM). Consequently, operating systems running on top of SVA cannot run guest operating systems using features such as Linux's Kernel Virtual Machine (KVM) and FreeBSD's bhyve.

This paper presents a set of new SVA instructions that allow an operating system kernel to configure and use the Intel VMX hardware features. Additionally, we use these new instructions to create \emph{Shade}. Shade extends Apparition (an SVA-based system) to ensure that a compromised host operating system cannot use the new VMX virtual instructions to attack host applications (either directly or via page-fault and last-level-cache side-channel attacks).

Ethan Johnson

University of Rochester, USA

Komail Dharsee

University of Rochester, USA

John Criswell

University of Rochester, USA

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Sun 14 Apr
Displayed time zone: Eastern Time (US & Canada) change

10:00 - 12:05	Session1Research Papers at Garden Room

10:00 25m Talk		TEEv: Virtualizing Trusted Execution Environments on Mobile Platforms Research Papers Wenhao Li Shanghai Jiao Tong University, China, Yubin Xia Shanghai Jiao Tong University, China, Long Lu Northeastern University, n.n., Haibo Chen Shanghai Jiao Tong University, China, Binyu Zang Shanghai Jiao Tong University, China
10:25 25m Talk		Secure Guest Virtual Machine Support in Apparition Research Papers Ethan Johnson University of Rochester, USA, Komail Dharsee University of Rochester, USA, John Criswell University of Rochester, USA
10:50 25m Talk		ACRN: A Big Little Hypervisor for IoT Development Research Papers Hao Li , Xuefei Xu Intel, China, Jinkui Ren Intel, China, Yaozu Dong Intel, China
11:15 25m Talk		Fast and Live Hypervisor Replacement Research Papers Spoorti Doddamani Binghamton University, USA, Piush Kumar Sinha Binghamton University, USA, Hui Lu Binghamton University, USA, Tsu-Hsiang K. Cheng Binghamton University, USA, Hardik H. Bagdi Binghamton University, USA, Kartik Gopalan Binghamton University, USA
11:40 25m Talk		A Binary-Compatible Unikernel Research Papers Pierre Olivier Virginia Tech, USA, Daniel Chiba Virginia Tech, USA, Stefan Lankes RWTH Aachen University, Germany, Changwoo Min Virginia Tech, USA, Binoy Ravindran Virginia Tech, USA