Abstract:Virtualization technology is more and more popular in enhancing the security of the operating system. The previous solutions usually take the virtual machine moniter ( VMM) as the trusted computing base ( TCB) and provide a security func- tion by virtualization technology. However,those solutions have the following problems: a) Virtualization brings overhead which requires the users to bear the cost of virtualization when they don’t need high security environment. b) The general-purpose VMMs based solution cannot meet the users’( especially the client-side users) demand for the environmental diversity. c) The general-purpose VMMs are relatively large as a trusted computing base ( TCB) . This paper addressed the challenge to reduce the overhead of virtualization and established a dynamic chain of trust when used VMM to enhance the security of OS. This paper proposed a security architecture named Cherub which took a lightweight virtual machine moniter( LVMM) as the TCB. Cherub utilized the dynamic root of trust for measurement and hardware virtualization to insert a trusted LVMM under the commercial operating system,which could be the TCB to achieve various security goals. Implemented Cherub in Linux and the evaluation demonstrates that Cherub is effective and practical in security and performance perspectives.

Trusted Lightweight VMM Based Security Architecture

Trusted Terminal Design of Distributed Environment

Trusted Computing Base Using Virtualization Platform

SeVMM: VMM-Based Security Control Model

Design and Implementation of SecPod, A Framework for Virtualization-Based Security Systems.

Hierarchal Security Architecture of Virtualized Trusted Platform

Vcerberus: A DRTM System Based on Virtualization Technology

Cherub: Fine-Grained Application Protection with On-Demand Virtualization

Embedded Virtualization Computing Platform Security Architecture Based on Trusted Computing.

Security protocols based on trusted platform module for virtual machine system

A Light-Weight, Secure and Trusted Virtual Execution Environment

V-MLR: A Multilevel Security Model for Virtualization

Cloud Virtual Machine Lifecycle Security Framework Based on Trusted Computing

KVM-Based Trusted Virtualization Architecture Model

Pcanel/V2: A VMM Architecture Based on Intel VT-x

TRainbow: a new trusted virtual machine based platform

Building Trust into Cloud Computing Using Virtualization of TPM

A Kernel Integrity Protection Technology Based on Virtual Machine

Multilateral Security Architecture for Virtualization Platform in Multi-Tenancy Cloud Environment

Cerberus: A Novel Hypervisor to Provide Trusted and Isolated Code Execution

Dynamic integrity measurement architecture for virtual machine monitor based on dynamic root of trust