
SecureVirt: a Trusted Computing Base for Virtual Machines

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-14-C-0166
Agency Tracking Number: F141-043-1457
Amount: $150,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: AF141-043
Solicitation Number: 2014.1
Timeline
Solicitation Year: 2014
Award Year: 2014
Award Start Date (Proposal Award Date): 2014-06-24
Award End Date (Contract End Date): 2015-03-24
Small Business Information
MD Suite 400
Rockville, MD 20855-2737
United States
DUNS: 161911532
HUBZone Owned: No
Woman Owned: Yes
Socially and Economically Disadvantaged: No
Principal Investigator
 Peng Xie
 Lead Scientist
 (301) 294-5218
 pxie@i-a-i.com
Business Contact
 Mark James
Title: Director, Contracts & Proposals
Phone: (301) 294-5221
Email: mjames@i-a-i.com
Research Institution
 Stub
Abstract

ABSTRACT: In this effort, we propose a lightweight hypervisor for cloud computing, called SecureVirt. SecureVirt can securely isolate the virtual machines (VMs) concurrently running on the same hardware resources. SecureVirt consists of two components, TinyHype and a virtual machine manager. TinyHype performs the most fundamental functions, while the virtual machine manager emulates I/O devices and the network for the VMs. The SecureVirt architecture follows the microkernel design principle, i.e., TinyHype runs at the highest privilege level while the VM manager runs at a less privileged level. This microkernel-type architecture significantly reduces the attack surface of TinyHype. Moreover, TinyHype adopts static CPU core and memory allocation to simplify its functions and reduce its code size. Finally, the proposed techniques will be integrated into a working SecureVirt prototype to show their feasibility.

BENEFIT: The proposed solution is well suited to application scenarios such as cloud computing and data centers. Both commercial and military markets will benefit from the development of the proposed solution for infrastructure security, particularly in cloud environments where untrusted customer VMs can potentially execute malicious code to perform penetration-based attacks against the hypervisor and interfere with other VMs. In addition, it can be applied to embedded applications, providing a mechanism to isolate various subsystems from each other for fault tolerance and security. The proposed solution also has great commercial market potential. DoD efforts to consolidate and reduce data centers via virtualization are anticipated to save $3 billion annually by 2015. The global cyber security market is growing at 11.3% CAGR and is estimated to reach $120.1B by 2017. The addressable market size for the proposed solution is estimated to be more than $200 million during the first 10 years of commercialization. Potential end users include cloud computing providers (e.g., Amazon Web Services, Rackspace, CenturyLink/Savvis); cloud-based software providers (e.g., Salesforce, Citrix Systems, SAP); and virtualization software developers (e.g., VMware, Microsoft).

* Information listed above is at the time of submission. *
