Architectural Support for Securing Cloud Servers
Speaker: Jakub Szefer
Host Faculty: Professor Ramesh Karri
Cloud computing is becoming a dominant computing paradigm. However, most cloud computing services are built using commodity systems not designed to handle the variety of threats present in this utility-like computing model. Users' concerns and surveys of hypervisor vulnerabilities have motivated our research on securing virtual machines, in particular we focus on protections from a malicious or compromised hypervisor. We have defined hypervisor-free virtualization, realized in the NoHype architecture, which aims to eliminate the need for active hypervisor when the virtual machines run. Our key insight is to use hardware virtualization features, originally deigned for performance reasons, to remove the hypervisor attack surface and securely isolate the virtual machines. We also defined hypervisor-secure virtualization, realized in the HyperWall architecture, which further improves virtual machine security while providing more functionality over NoHype. The HyperWall architecture allows an untrusted commodity hypervisor to manage the system while the virtual machines are protected from it. Our key contribution is a special new feature we introduced: the hardware-only accessible DRAM for storing the protections. To improve confidence in the security of the design, we recently proposed a novel security verification methodology, and applied it to component interactions and protocols of HyperWall. By designing and verifying such architectures for secure cloud computing, we can enable more users to enjoy the benefits of cloud computing and be able to securely process sensitive code and data in virtual machines running on cloud servers – even if attackers can gain hypervisor-level privileges.
About the Speaker
Jakub Szefer’s research interests are at the intersection of computer architecture and computer security. His recent work focuses on securing cloud computing, even if the hypervisor running on the cloud servers is compromised. He received B.S. degree with highest honors in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign in 2006, a M.A. in Electrical Engineering rom Princeton University in 2009, and expects his Ph.D. also in Electrical Engineering from Princeton University in early 2013. He is part of the Princeton Architectural Lab for Multimedia and Security (PALMS) led by Prof. Ruby B. Lee. In addition to research, he enjoys teaching and has won two outstanding TA awards and the Wu Prize for Excellence.