著者

Hirano Manabu Shinagawa Takahiro Eiraku Hideki Hasegawa Shoichi Omote Kazumasa Tanimoto Kouichi Horie Takashi Mune Seiji Kato Kazuhiko Okuda Takeshi Kawai Eiji Yamaguchi Suguru

出版者

Institute of Electrical and Electronics Engineers (IEEE)

雑誌

2009 Third International Conference on Emerging Security Information, Systems and Technologies

巻号頁・発行日

pp.129-135, 2009-06

被引用文献数

1

---

Virtual Machine Monitors (VMMs), also called hypervisors,can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposesa two-step execution mechanism to reduce the complexityof a VMM-based TCB. We propose a method to separate aconventional VMM-based TCB into the following two parts:(1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guestOS performing security tasks can be executed in advance.After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a targetguest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.