2021 Fiscal Year Final Research Report
Avoiding Legacy Code Execution to Improve Hypervisor Security
Project/Area Number |
19K11906
|
Research Category |
Grant-in-Aid for Scientific Research (C)
|
Allocation Type | Multi-year Fund |
Section | General |
Review Section |
Basic Section 60050:Software-related
|
Research Institution | Keio University |
Principal Investigator |
Kono Kenji Keio University, Faculty of Science and Technology (Yagami), Professor (90301118)
|
Project Period (FY) |
2019-04-01 – 2022-03-31
|
Keywords | Hypervisor / Virtual machine / Virtual device / Vulnerability / Security |
Outline of Final Research Achievements |
Improving the safety of the hypervisor, which is the basis of the cloud environment, is directly linked to the safety of all users of that environment. In this research project, from the standpoint that it is difficult to eliminate all the vulnerabilities lurking in hypervisors in advance, we aim to operate hypervisors safely even if they have serious vulnerabilities. Focusing on the fact that many hypervisor vulnerabilities are in the code that emulates legacy instructions and devices, we have established a method for effectively filtering execution requests for legacy code that does not need to be emulated. The research and development focused in particular on instruction emulators and virtual device emulators, and the proposed method has been shown to be effective against many attacks reported so far and to have low run-time overhead.
|
Free Research Field |
System software
|
Academic Significance and Societal Importance of the Research Achievements |
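Multi-tenant cloud environments are already widespread and have become part of society's infrastructure. The foundation that guarantees properties such as the confidentiality and integrity of information between tenants is a low-layer piece of software called the hypervisor. If the hypervisor has a vulnerability, it becomes the starting point of an attack, and the security of every service and every user on the cloud is compromised. This research contributes to improving the safety of the hypervisor, which is the core of the cloud environment, and its societal significance is high. The hypervisor itself is not functionally extended; it is enough to insert a thin software layer between an existing hypervisor and the virtual machines, so deployment is also expected to be easy.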
|