SecureVirt: a Trusted Computing Base for Virtual Machines
Title: Lead Scientist
Phone: (301) 294-5218
Email: pxie@i-a-i.com
Title: Director, Contracts&Proposals
Phone: (301) 294-5221
Email: mjames@i-a-i.com
ABSTRACT: In this effort, we propose a lightweight hypervisor for cloud computing, called SecureVirt. SecureVirt can securely isolate the virtual machines (VMs) running concurrently on the same hardware resources. SecureVirt consists of two components: TinyHype and a virtual machine manager. TinyHype performs the most fundamental functions, and the virtual machine manager emulates I/O devices and the network for the VMs. The SecureVirt architecture follows the microkernel design principle, i.e., TinyHype runs at the highest privilege level while the VM manager runs at a less privileged level. This microkernel-type architecture significantly reduces the attack surface of TinyHype. Moreover, TinyHype adopts static CPU core and memory allocation to simplify its functions and reduce its code size. Finally, the proposed techniques will be integrated into a working SecureVirt prototype to show their feasibility.

BENEFIT: The proposed solution is well suited to application scenarios such as cloud computing and data centers. Both commercial and military markets will benefit from the development of the proposed solution for infrastructure security, particularly in cloud environments where untrusted customer VMs can potentially execute malicious code to perform penetration-based attacks against the hypervisor and interfere with other VMs. In addition, it can be applied to embedded applications, providing a mechanism to isolate various subsystems from each other for fault tolerance and security. The proposed solution also has great commercial market potential. DoD efforts to consolidate and reduce data centers via virtualization are anticipated to save $3 billion annually by 2015. The global cyber security market is growing at 11.3% CAGR and is estimated to reach $120.1B by 2017. The addressable market size for the proposed solution is estimated to be more than $200 million during the first 10 years of commercialization.
Potential end users include cloud computing providers (e.g., Amazon Web Services, Rackspace, CenturyLink/Savvis); cloud-based software providers (e.g., Salesforce, Citrix Systems, SAP); and virtualization software developers (e.g., VMware, Microsoft).
* Information listed above is at the time of submission. *