{"title":"Analysis of Monolithic and Microkernel Architectures: Towards Secure Hypervisor Design","authors":"Jordan Shropshire","doi":"10.1109/HICSS.2014.615","DOIUrl":null,"url":null,"abstract":"This research focuses on hyper visor security from holistic perspective. It centers on hyper visor architecture - the organization of the various subsystems which collectively compromise a virtualization platform. It holds that the path to a secure hyper visor begins with a big-picture focus on architecture. Unfortunately, little research has been conducted with this perspective. This study investigates the impact of monolithic and micro kernel hyper visor architectures on the size and scope of the attack surface. Six architectural features are compared: management API, monitoring interface, hyper calls, interrupts, networking, and I/O. These subsystems are core hyper visor components which could be used as attack vectors. Specific examples and three leading hyper visor platforms are referenced (ESXi for monolithic architecture; Xen and Hyper-V for micro architecture). The results describe the relative strengths and vulnerabilities of both types of architectures. It is concluded that neither design is more secure, since both incorporate security tradeoffs in core processes.","PeriodicalId":250241,"journal":{"name":"2014 47th Hawaii International Conference on System Sciences","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 47th Hawaii International Conference on System Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HICSS.2014.615","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
This research focuses on hyper visor security from holistic perspective. It centers on hyper visor architecture - the organization of the various subsystems which collectively compromise a virtualization platform. It holds that the path to a secure hyper visor begins with a big-picture focus on architecture. Unfortunately, little research has been conducted with this perspective. This study investigates the impact of monolithic and micro kernel hyper visor architectures on the size and scope of the attack surface. Six architectural features are compared: management API, monitoring interface, hyper calls, interrupts, networking, and I/O. These subsystems are core hyper visor components which could be used as attack vectors. Specific examples and three leading hyper visor platforms are referenced (ESXi for monolithic architecture; Xen and Hyper-V for micro architecture). The results describe the relative strengths and vulnerabilities of both types of architectures. It is concluded that neither design is more secure, since both incorporate security tradeoffs in core processes.
本文从整体的角度对超面罩安全性进行了研究。它以超级遮阳体系结构为中心——各种子系统的组织,它们共同危及虚拟化平台。它认为通往安全超级遮阳板的道路始于对体系结构的总体关注。不幸的是,很少有研究从这个角度进行。本研究探讨了单内核和微内核超级防护架构对攻击面大小和范围的影响。比较了六个架构特性:管理API、监视接口、超调用、中断、网络和I/O。这些子系统是可以作为攻击载体的核心超面罩组件。具体的例子和三个领先的hypervisor平台(ESXi for monolithic architecture;Xen和Hyper-V的微架构)。结果描述了两种类型的体系结构的相对优势和弱点。结论是,这两种设计都不是更安全,因为两者都在核心流程中纳入了安全性权衡。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
