著者
Hirano Manabu Shinagawa Takahiro Eiraku Hideki Hasegawa Shoichi Omote Kazumasa Tanimoto Kouichi Horie Takashi Mune Seiji Kato Kazuhiko Okuda Takeshi Kawai Eiji Yamaguchi Suguru
出版者
Institute of Electrical and Electronics Engineers (IEEE)
雑誌
2009 Third International Conference on Emerging Security Information, Systems and Technologies
巻号頁・発行日
pp.129-135, 2009-06
被引用文献数
1

Virtual Machine Monitors (VMMs), also called hypervisors,can be used to construct a trusted computing base (TCB) enhancing the security of existing operating systems. The complexity of a VMM-based TCB causes the high risk of security vulnerabilities. Therefore, this paper proposesa two-step execution mechanism to reduce the complexityof a VMM-based TCB. We propose a method to separate aconventional VMM-based TCB into the following two parts:(1) A thin hypervisor with security services and (2) A special guest OS for security preprocessing. A special guestOS performing security tasks can be executed in advance.After shutting down the special guest OS, a hypervisor obtains preprocessing security data and next boots a targetguest OS to be protected. Thus, the proposed two-step execution mechanism can reduce run-time codes of a hypervisor. This paper shows a design, a prototype implementation and measurement results of lines of code using BitVisor, a VMM-based TCB we have developed.

言及状況

外部データベース (DOI)

外部データベース (ISBN)

Twitter (1 users, 1 posts, 1 favorites)

@lorenc_dan @mjmalone @apenwarr @ErrataRob I think that's one way to describe it. I think it's also that for a personal device, physical separation of the owner's security token from the device should render the device unusable. There were some similar ideas in BitVisor: https://t.co/FRQHaBKrQW

収集済み URL リスト