- Title
An Enhanced Approach for Realizing Robust Security and Isolation in Virtualized Environments.
- Authors
Abuleil, Rawan; Murrar, Samer; Shkoukani, Mohammad
- Abstract
Transitioning into the next generation of supercomputing resources, we're faced with expanding user bases and diverse workloads, increasing the demand for improved security measures and deeper software compartmentalization. This is especially pertinent for virtualization, a key cloud computing component that's at risk from attacks due to hypervisors' integration into privileged OSs and shared use across VMs. In response to these challenges, our paper presents a two-pronged approach: introducing secure computing capabilities into the HPC software stack and proposing SecFortress, an enhanced hypervisor design. By porting the Kitten Lightweight Kernel to the ARM64 architecture and integrating it with the Hafnium hypervisor, we substitute the Linux-based resource management infrastructure, reducing overheads. Concurrently, SecFortress employs a nested kernel approach, preventing the outerOS from accessing the mediator's memory, and creating a hypervisor box to isolate untrusted VMs' effects. Our initial results highlight significant performance improvements on small-scale ARM-based SoC platforms and enhanced hypervisor security with minimal runtime overhead, establishing a solid foundation for further research in secure, scalable high-performance computing.
- Subjects
HYPERVISOR (Computer software); CLOUD computing; LINUX operating systems; VIRTUAL machine systems; INTERNET security
- Publication
International Journal of Advanced Computer Science & Applications, 2023, Vol 14, Issue 11, p293
- ISSN
2158-107X
- Publication type
Article
- DOI
10.14569/ijacsa.2023.0141129