Now researchers from North Carolina State University have developed new techniques and software that may be the key to resolving those security concerns and boosting confidence in the sector.
“What we’ve done represents a significant advance in security for cloud computing and other virtualization applications,” says Dr. Xuxian Jiang, an assistant professor of computer science and co-author of the study. “Anyone interested in the virtualization sector will be very interested in our work.”
Virtualization allows the pooling of the computational power and storage of multiple computers, which can then be shared by multiple users. For example, under the cloud computing paradigm, businesses can lease computer resources from a data center to operate Web sites and interact with customers – without having to pay for the overhead of buying and maintaining their own IT infrastructures. The virtualization manager, commonly referred to as a “hypervisor,” is a type of software that creates “virtual machines” that operate in isolation from one another on a common computer. In other words, the hypervisor allows different operating systems to run in isolation from one another – even though each of these systems is using computing power and storage capability on the same computer. This is the technique that enables concepts like cloud computing to function.
One of the major threats to virtualization – and cloud computing – is malicious software that enables computer viruses or other malware that have compromised one customer’s system to spread to the underlying hypervisor and, ultimately, to the systems of other customers. In short, a key concern is that one cloud computing customer could download a virus – such as one that steals user data – and then spread that virus to the systems of all the other customers.
“If this sort of attack is feasible, it undermines consumer confidence in cloud computing,” Jiang says, “since consumers couldn’t trust that their information would remain confidential.”
But Jiang and his Ph.D. student Zhi Wang have now developed software, called HyperSafe, that leverages existing hardware features to secure hypervisors against such attacks. “We can guarantee the integrity of the underlying hypervisor by protecting it from being compromised by any malware downloaded by an individual user,” Jiang says. “By doing so, we can ensure the hypervisor’s isolation.”
For malware to affect a hypervisor, it typically needs to run its own code in the hypervisor. HyperSafe utilizes two components to prevent that from happening. First, the HyperSafe program “has a technique called non-bypassable memory lockdown, which explicitly and reliably bars the introduction of new code by anyone other than the hypervisor administrator,” Jiang says. “This also prevents attempts to modify existing hypervisor code by external users.”
Second, HyperSafe uses a technique called restricted pointer indexing. This technique “initially characterizes a hypervisor’s normal behavior, and then prevents any deviation from that profile,” Jiang says. “Only the hypervisor administrators themselves can introduce changes to the hypervisor code.”
The research was funded by the U.S. Army Research Office and the National Science Foundation. The research, “HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity,” will be presented May 18 at the 31st IEEE Symposium On Security And Privacy in Oakland, Calif.
NC State’s Department of Computer Science is part of the university’s College of Engineering.
Matt Shipman | EurekAlert!
New technology enables 5-D imaging in live animals, humans
16.01.2017 | University of Southern California
Fraunhofer FIT announces CloudTeams collaborative software development platform – join it for free
10.01.2017 | Fraunhofer-Institut für Angewandte Informationstechnik FIT
Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.
As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...
At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).
Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...
Many pathogens use certain sugar compounds from their host to help conceal themselves against the immune system. Scientists at the University of Bonn have now, in cooperation with researchers at the University of York in the United Kingdom, analyzed the dynamics of a bacterial molecule that is involved in this process. They demonstrate that the protein grabs onto the sugar molecule with a Pac Man-like chewing motion and holds it until it can be used. Their results could help design therapeutics that could make the protein poorer at grabbing and holding and hence compromise the pathogen in the host. The study has now been published in “Biophysical Journal”.
The cells of the mouth, nose and intestinal mucosa produce large quantities of a chemical called sialic acid. Many bacteria possess a special transport system...
UMD, NOAA collaboration demonstrates suitability of in-orbit datasets for weather satellite calibration
"Traffic and weather, together on the hour!" blasts your local radio station, while your smartphone knows the weather halfway across the world. A network of...
Fiber-reinforced plastics (FRP) are frequently used in the aeronautic and automobile industry. However, the repair of workpieces made of these composite materials is often less profitable than exchanging the part. In order to increase the lifetime of FRP parts and to make them more eco-efficient, the Laser Zentrum Hannover e.V. (LZH) and the Apodius GmbH want to combine a new measuring device for fiber layer orientation with an innovative laser-based repair process.
Defects in FRP pieces may be production or operation-related. Whether or not repair is cost-effective depends on the geometry of the defective area, the tools...
10.01.2017 | Event News
09.01.2017 | Event News
05.01.2017 | Event News
16.01.2017 | Power and Electrical Engineering
16.01.2017 | Information Technology
16.01.2017 | Power and Electrical Engineering