University of Cambridge > Talks.cam > Computer Laboratory Systems Research Group Seminar > Improving Xen Security through Disaggregation

Improving Xen Security through Disaggregation

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Eiko Yoneki.

Virtual machine monitors (VMMs) have been hailed as the basis for an increasing number of reliable or trusted computing systems. The Xen VMM is a relatively small piece of software—a hypervisor—that runs at a lower level than a conventional operating system in order to provide isolation between virtual machines: its size is offered as an argument for its trustworthiness. However, the management of a Xen-based system requires a privileged, full-blown operating system to be included in the trusted computing base (TCB).

In this talk, I will introduce our work to disaggregate the management virtual machine in a Xen-based system. I will present a study of the Xen architecture and explain why the status quo results in a large TCB . I will challenge the conventional wisdom that smaller TCBs are necessarily better, and argue that the “surface area” of the TCB is as important as its size. I will then describe how we implemented our approach on Xen, by moving the domain builder—the most important privileged component—into a minimal trusted compartment. I will also discuss some of the ongoing work that is based on our disaggregation approach.

This talk is part of the Computer Laboratory Systems Research Group Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2020 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity