Hypervisors as a Foothold for Personal Computer Security: An Agenda for the Research Community
Abstract
The purpose of this paper is to propose the creation of a security-enhancing hypervisor for PCs as a collaborative agenda for the research community. This agenda is not necessarily about answering fundamentally new research questions. Rather, it is a call to action about a rare chance for the community to have substantial impact. If researchers demonstrate compelling near-term benefits from a modest security layer, then OS vendors may adopt such a layer as a way to increase security without costly reengineering. The introduction of this secure foothold into the consumer software stack could then yield significant long-term benefits by providing a much better avenue for deploying security solutions. This agenda consists of two parts: (1) exploring how hypervisors can address end-user security issues and (2) exploring how to architect a small, secure hypervisor that provides several of these facilities. We believe that there are interesting and worthwhile challenges in both parts. The rest of this paper is organized as follows. We begin by explaining why hypervisors provide a highly attractive insertion point for security (Section 2) and summarizing work in this area (Section 3). We then discuss security facilities that a hypervisor can provide in Section 4, with a focus on trusted paths to online services. We conclude by discussing challenges associated with our proposal in Section 5.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 13, 2012
- Accession Number
- ADA555877
Entities
People
- Chris Grier
- Dawn Song
- Ion Stoica
- Matei Zaharia
- Sachin Katti
- Scott Shenker
- Vern Paxson
Organizations
- University of California, Berkeley