Academic Papers

Virtual Memory Fuses for Hardened Virtual Machines

Nov 01, 2024

The traditional computation stack puts lower layers of software (e.g., operating systems or kernels, hypervisors) in the “Trusted Compute Base” for higher layer application software. This means that the status quo for systems today is a hierarchical trust model in which any compromise in a lower layer compromises all layers above it completely. In this paper we investigate Virtual Memory Fuses (VMF): a technique that challenges this status quo by protecting higher layers of the system software stack even in the event of a compromise in a lower layer. In particular, we present two prototypes that use the VMF idea to protect guest OS memory confidentiality and integrity even in the event of complete hypervisor compromise. The first prototype is on REDACTED, a research-grade hypervisor and micro-kernel, while the second is built on Xen to demonstrate feasibility on a production-grade hypervisor. VMF is implemented through the virtual memory abstraction and is compatible with modern processor architectures that support virtual memory, with no additional special hardware extensions required. While VMF limits hypervisor functionality for server-class applications, many embedded targets could use VMF without degrading services. Furthermore, VMF imposes negligible (averaging less than 1%) performance cost.

  • Category: Machine Learning
  • Tag: virtualization, virtual memory, trusted execution environment
  • Author: Unknown Author

Disclaimer

The above listed authors are current or former employees of Riverside Research. Authors affiliated with other institutions are listed on the full paper. It is the responsibility of the author to list material disclosures in each paper, where applicable – they are not listed here. This academic papers directory is published in accordance with federal guidance to make public and available academic research funded by the federal government.