Conference papers

Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities

Abstract : Hypervision is being widely implemented in an effort to control costs and to simplify management through consolidation of servers. It has recently been revealed that well over a third of virtualization vulnerabilities reside in the hypervisor, mostly due to hypervisor escape. The exploitation of these vulnerabilities allows an attacker, among other things, to access and/or modify data of other Virtual Machines (VMs) by escaping from its VM and executing malicious code in the hypervisor. This paper introduces the general idea of blind hypervision, a hardware/software co-design to prevent such attackers from accessing private elements of other VMs. Blind hypervision limits the rights of the hypervisor regarding memory access, so that a malicious agent executing with hypervisor rights cannot access the data of the VMs.
Document type : Conference papers

https://hal-cea.archives-ouvertes.fr/cea-01838139
Contributor : Léna Le Roy
Submitted on : Friday, July 13, 2018 - 10:28:47 AM
Last modification on : Monday, February 10, 2020 - 6:14:16 PM

Citation

P. Dubrulle, R. Sirdey, P. Doré, M. Aichouch, E. Ohayon. Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities. 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), Jul 2015, Cambridge, United Kingdom. pp.1394-1399, ⟨10.1109/INDIN.2015.7281938⟩. ⟨cea-01838139⟩
