 |
Conference papers
Blind hypervision to protect virtual machine privacy against hypervisor escape vulnerabilities
Abstract : Hypervision is being widely implemented in an effort to control costs and to simplify management through consolidation of servers. It has been recently unraveled that well over a third of virtualization vulnerabilities reside in the hyper-visor, mostly due to hypervisor escape. The exploitation of these vulnerabilities allows an attacker, among other things, to access and/or modify data of other Virtual Machines (VMs) by escaping from its VM and executing malicious code in the hypervisor. This paper introduces the general idea of blind hypervision, a hardware/software co-design to prevent such attackers to access private elements of other VMs. Blind hypervision limits the rights of the hypervisor regarding memory access, so that a malicious agent executing with hypervisor rights cannot access the data of the VMs.
https://hal-cea.archives-ouvertes.fr/cea-01838139
Contributor : Léna Le Roy <>
Submitted on : Friday, July 13, 2018 - 10:28:47 AM
Last modification on : Monday, February 10, 2020 - 6:14:16 PM
Contributor : Léna Le Roy <>
Submitted on : Friday, July 13, 2018 - 10:28:47 AM
Last modification on : Monday, February 10, 2020 - 6:14:16 PM