JCP 2014 Vol.9(3): 741-749 ISSN: 1796-203X
doi: 10.4304/jcp.9.3.741-749
Secure-Turtles: Building a Secure Execution Environment for Guest VMs on Turtles System
Fei Liu, Lanfang Ren, Hongtao Bai
Institute of Security China Mobile, China
Abstract—We propose Secure-Turtles, a secure nested virtual system based on the Turtles system, which provides a secure execution environment for the L2 guest VM. In particular, the Secure-Turtles system builds a trust chain from the L0 host hypervisor through the L1 guest hypervisor and the qemu-kvm daemon to the L2 guest VM. Through this security chain, Secure-Turtles can protect the L2 guest VM against attacks from the L1 user mode, even when the attacker has root privilege on the L1 guest hypervisor. Our goal is for Secure-Turtles to rule out known classes of vulnerabilities from the L1 user. We propose four general requirements that Secure-Turtles must satisfy to achieve this goal and list sixteen basic properties for the Secure-Turtles system to achieve. With these properties, the four proposed requirements can be guaranteed. We rely on memory virtualization to build Secure-Turtles and implement a prototype based on Turtles. We evaluate the prototype using two metrics: security and performance. The security evaluation shows that Secure-Turtles can protect the L2 guest VM from attacks from the L1 user mode. The performance evaluation shows that Secure-Turtles introduces little performance overhead to the L2 guest VM compared with the Turtles system.
Index Terms—Security, Nested virtualization
Cite: Fei Liu, Lanfang Ren, Hongtao Bai, "Secure-Turtles: Building a Secure Execution Environment for Guest VMs on Turtles System," Journal of Computers vol. 9, no. 3, pp. 741-749, 2014.