New Research Offers Security For Virtualization, Cloud Computing

Apr 27, 2010 by Matt Shipman

Virtualization and cloud computing allow computer users access to powerful computers and software applications hosted by remote groups of servers, but security concerns related to data privacy are limiting public confidence - and slowing adoption of the new technology. Now researchers from North Carolina State University have developed new techniques and software that may be the key to resolving those security concerns and boosting confidence in the sector.

"What we've done represents a significant advance in security for cloud computing and other applications," says Dr. Xuxian Jiang, an assistant professor of computer science and co-author of the study. "Anyone interested in the virtualization sector will be very interested in our work."

Virtualization allows the pooling of the computational power and storage of , which can then be shared by multiple users. For example, under the cloud computing paradigm, businesses can lease computer resources from a data center to operate Web sites and interact with customers - without having to pay for the overhead of buying and maintaining their own IT infrastructures. The virtualization manager, commonly referred to as a "hypervisor," is a type of software that creates "" that operate in isolation from one another on a common computer. In other words, the hypervisor allows different operating systems to run in isolation from one another - even though each of these systems is using and storage capability on the same computer. This is the technique that enables concepts like cloud computing to function.

One of the major threats to virtualization - and cloud computing - is that enables computer viruses or other malware that have compromised one customer's system to spread to the underlying hypervisor and, ultimately, to the systems of other customers. In short, a key concern is that one cloud computing customer could download a virus - such as one that steals user data - and then spread that virus to the systems of all the other customers.

"If this sort of attack is feasible, it undermines consumer confidence in ," Jiang says, "since consumers couldn't trust that their information would remain confidential."

But Jiang and his Ph.D. student Zhi Wang have now developed software, called HyperSafe, that leverages existing hardware features to secure hypervisors against such attacks. "We can guarantee the integrity of the underlying hypervisor by protecting it from being compromised by any malware downloaded by an individual user," Jiang says. "By doing so, we can ensure the hypervisor's isolation."

For malware to affect a hypervisor, it typically needs to run its own code in the hypervisor. HyperSafe utilizes two components to prevent that from happening. First, the HyperSafe program "has a technique called non-bypassable memory lockdown, which explicitly and reliably bars the introduction of new code by anyone other than the hypervisor administrator," Jiang says. "This also prevents attempts to modify existing hypervisor code by external users."

Second, HyperSafe uses a technique called restricted pointer indexing. This technique "initially characterizes a hypervisor's normal behavior, and then prevents any deviation from that profile," Jiang says. "Only the hypervisor administrators themselves can introduce changes to the hypervisor code."

Explore further: Ride-sharing could cut cabs' road time by 30 percent

More information: The research, "HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity," will be presented May 18 at the 31st IEEE Symposium On Security And Privacy in Oakland, Calif.

Related Stories

A virtual boost is sought for PCs

Jan 28, 2009

What if you didn't have a separate work computer to deal with anymore? Instead, you and your co-workers would use personal laptops to access work files and software - without having to download anything on your computer. ...

IBM Unveils New Software to Reduce Data Center Complexity

Jun 18, 2007

IBM today announced a new release of its premier virtualization management software that adds powerful new capabilities for simplifying the management of virtual and physical systems across multiple platforms. In addition, ...

Networking: Old hardware, new applications

May 30, 2006

The market for virtual servers -- software that lets computer users employ more than one operating system, whether it is Windows or Linux, on a single server -- is surging. Experts tell UPI's Networking that more than 45 ...

Recommended for you

Ride-sharing could cut cabs' road time by 30 percent

10 hours ago

Cellphone apps that find users car rides in real time are exploding in popularity: The car-service company Uber was recently valued at $18 billion, and even as it faces legal wrangles, a number of companies ...

Avatars make the Internet sign to deaf people

Aug 29, 2014

It is challenging for deaf people to learn a sound-based language, since they are physically not able to hear those sounds. Hence, most of them struggle with written language as well as with text reading ...

Chameleon: Cloud computing for computer science

Aug 26, 2014

Cloud computing has changed the way we work, the way we communicate online, even the way we relax at night with a movie. But even as "the cloud" starts to cross over into popular parlance, the full potential ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

MikeLisanke
not rated yet May 03, 2010
This article does not explain "which explicitly and reliably bars the introduction of new code by anyone other than the hypervisor administrator". In general, deciding 'hypervisor administrator' from average user is the mechanism of exploit, but; users are also concerned about insider attackers which are not 'user insiders' but third-party insiders of the virtualization center.
I think there may still be work to do before a guaranteed of security can be made.