Authors
Hirano Manabu, Shinagawa Takahiro, Eiraku Hideki, Hasegawa Shoichi, Omote Kazumasa, Tanimoto Kouichi, Horie Takashi, Mune Seiji, Kato Kazuhiko, Okuda Takeshi, Kawai Eiji, Yamaguchi Suguru
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Journal
2009 Third International Conference on Emerging Security Information, Systems and Technologies
Volume, issue, pages and publication date
pp.129-135, 2009-06
Number of citing documents
1

Virtual Machine Monitors (VMMs), also called hypervisors, can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposes a two-step execution mechanism to reduce the complexity of a VMM-based TCB. We propose a method to separate a conventional VMM-based TCB into the following two parts: (1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guest OS performing security tasks can be executed in advance. After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a target guest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.