sHype is a hypervisor security architecture developed by IBM Research, in various stages of implementation in several
hypervisors. sHype is designed and developed in close collaboration with
the IBM Systems and Technology Group. Our main goal is to provide a secure
foundation for server platforms, providing functions such as:
- Strong isolation, mediated sharing and communication between Virtual Machines.
These properties are all strictly controlled by a flexible access control
enforcement engine. This engine can enforce mandatory policies such as
Multi-level Security (MLS), Role-based Access Control (RBAC), and Type
Enforcement (TE).
- Attestation and integrity guarantees for the hypervisor and its virtual
machines.
We are extending the Trusted Computing Group (TCG) specification to include
hypervisor-based server platforms. Our goal here is secure boot or authenticated
boot code guarantees for the hypervisor platform, Virtual Machines, and
optionally the guest operating systems and applications running on Virtual
Machines. To support a large number of Virtual Machines, we have developed
a virtual TPM architecture which we have applied to the Xen open-source hypervisor.
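To make the authenticated-boot idea concrete, here is an added illustration (not sHype or vTPM code): the hypervisor, each VM image and its guest kernel are hashed and extended into TPM-style registers, one physical register for the platform and one virtual register per VM, so a verifier can later replay the recorded log against an allowlist of known-good digests. The extend rule PCR_new = H(PCR_old || measurement) follows the TCG TPM 1.2 convention with SHA-1; the component contents, VM names and per-VM register layout are constructed for the example.

```python
"""Authenticated-boot measurement chain with per-VM virtual registers.
Added illustration, not sHype/vTPM code; all image contents are constructed."""
import hashlib

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs start at 20 zero bytes


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TCG extend: new value = SHA-1(old value || measurement digest)."""
    return hashlib.sha1(pcr + measurement).digest()


class MeasurementRegister:
    """One PCR plus its event log, as a physical or virtual TPM keeps them."""

    def __init__(self):
        self.value = PCR_INIT
        self.log = []  # (description, sha1 digest) in extend order

    def measure(self, description: str, blob: bytes) -> bytes:
        digest = hashlib.sha1(blob).digest()
        self.log.append((description, digest))
        self.value = extend(self.value, digest)
        return digest


def replay(log) -> bytes:
    """Recompute the register from the log; order matters, so a reordered
    or edited log will not reproduce the value held by the register."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr


def boot_platform(hv_image: bytes, vm_images: dict, guest_kernels: dict):
    """Measure the hypervisor into the platform register, then give each VM
    its own virtual register holding the VM image and guest kernel digests."""
    platform = MeasurementRegister()
    platform.measure("hypervisor", hv_image)
    vtpms = {}
    for name, image in vm_images.items():
        reg = MeasurementRegister()
        reg.measure("vm-image:" + name, image)
        reg.measure("guest-kernel:" + name, guest_kernels[name])
        vtpms[name] = reg
    return platform, vtpms


def verify(register: MeasurementRegister, allowed: set) -> bool:
    """Accept only if the log replays to the register value (log integrity)
    and every logged digest is on the verifier's known-good list."""
    if replay(register.log) != register.value:
        return False
    return all(digest in allowed for _, digest in register.log)


# Constructed sample components (not real binaries).
HYPERVISOR_IMAGE = b"constructed hypervisor binary v1"
VM_IMAGES = {"vm1": b"constructed vm1 disk image", "vm2": b"constructed vm2 disk image"}
GUEST_KERNELS = {"vm1": b"constructed guest kernel", "vm2": b"constructed guest kernel"}
ALLOWED = {hashlib.sha1(b).digest()
           for b in [HYPERVISOR_IMAGE, *VM_IMAGES.values(), *GUEST_KERNELS.values()]}


def demo():
    """Returns (clean platform verifies, untouched vm1 verifies, modified vm2 verifies)."""
    platform, vtpms = boot_platform(HYPERVISOR_IMAGE, VM_IMAGES, GUEST_KERNELS)
    clean_ok = verify(platform, ALLOWED) and all(verify(r, ALLOWED) for r in vtpms.values())
    # Boot again with vm2's image modified: only vm2's virtual register changes.
    modified = dict(VM_IMAGES, vm2=b"constructed vm2 disk image (modified)")
    _, vtpms_mod = boot_platform(HYPERVISOR_IMAGE, modified, GUEST_KERNELS)
    return clean_ok, verify(vtpms_mod["vm1"], ALLOWED), verify(vtpms_mod["vm2"], ALLOWED)


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Because each VM has its own virtual register, a modified vm2 image is caught without affecting the verdict for vm1 or for the hypervisor itself, which is the property that lets a verifier attest VMs individually.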
- Resource control and accurate accounting guarantees.
All resources are strictly accounted for and may be constrained. Simple resources include memory and CPU cycles. More elaborate resource management is needed for network bandwidth, e.g., to cap the bandwidth available to a Virtual Machine.
- Secure Services.
sHype provides the base infrastructure for disaggregation of services,
such as security policy management or distributed auditing, into smaller
and more manageable protected execution environments, thereby enabling
their system-wide utilization and potentially enhancing the assurance of
these services.
Our work focuses on securing IBM server platforms and we are taking advantage
of IBM's high-performance virtualization support because performance is
key to the acceptance of sHype.
In the open source community, we have developed a small security extension
to Xen, an open-source hypervisor. It allows administrators to define simple policies (currently: Chinese Wall and Type Enforcement) that govern the control and sharing capabilities of Virtual Machines that run simultaneously on a single Xen system. We have also explored implementing these security architecture features in the open-source Research hypervisor rHype, with Linux running inside the Virtual Machines.
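The two policy types named above can be shown as a small reference monitor. The following is an added illustration, not the Xen security extension's own code: Chinese Wall decides which VMs may run at the same time on one host (labels from the same conflict set may not coexist), and Simple Type Enforcement decides which running VMs may share a resource (only VMs with a type in common). The conflict set, type names and VM inventory are constructed sample data.

```python
"""Toy reference monitor for Chinese Wall and Simple Type Enforcement.
Added illustration, not sHype/Xen code; labels and VMs are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    cw_types: frozenset   # Chinese Wall types carried by this VM's label
    ste_types: frozenset  # Simple Type Enforcement types


class Policy:
    def __init__(self, conflict_sets):
        # Each conflict set lists CW types that must never run on one host
        # at the same time.
        self.conflict_sets = [frozenset(cs) for cs in conflict_sets]

    def label_well_formed(self, vm: VM) -> bool:
        """A label may carry at most one type per conflict set, else it
        would conflict with itself and could never be started."""
        return all(len(vm.cw_types & cs) <= 1 for cs in self.conflict_sets)

    def cw_allows_start(self, running, candidate: VM) -> bool:
        """Chinese Wall: may `candidate` start alongside the `running` VMs?"""
        if not self.label_well_formed(candidate):
            return False
        for cs in self.conflict_sets:
            mine = candidate.cw_types & cs
            if not mine:
                continue
            for other in running:
                theirs = other.cw_types & cs
                # A different type from the same conflict set is already
                # running, so the candidate must wait until it stops.
                if theirs and theirs != mine:
                    return False
        return True

    @staticmethod
    def ste_allows_sharing(a: VM, b: VM) -> bool:
        """STE: two VMs may communicate or share a device only if their
        labels have at least one type in common."""
        return bool(a.ste_types & b.ste_types)


class Host:
    """Every domain start and every sharing request is mediated by the policy."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.running = []

    def start(self, vm: VM):
        if not self.policy.cw_allows_start(self.running, vm):
            raise PermissionError(f"Chinese Wall: {vm.name} conflicts with a running VM")
        self.running.append(vm)

    def stop(self, vm: VM):
        self.running.remove(vm)

    def connect(self, a: VM, b: VM) -> bool:
        if a not in self.running or b not in self.running:
            raise PermissionError("both VMs must be running")
        if not self.policy.ste_allows_sharing(a, b):
            raise PermissionError(f"STE: {a.name} and {b.name} share no type")
        return True


# Constructed sample policy: two competing customers must never be co-hosted.
POLICY = Policy(conflict_sets=[{"BankA", "BankB"}])
BANK_A = VM("bank-a", frozenset({"BankA"}), frozenset({"finance"}))
BANK_B = VM("bank-b", frozenset({"BankB"}), frozenset({"finance"}))
WEB = VM("web", frozenset({"Public"}), frozenset({"dmz"}))
AUDIT = VM("audit", frozenset({"Public"}), frozenset({"finance", "dmz"}))


def demo() -> dict:
    host = Host(POLICY)
    host.start(BANK_A)
    host.start(WEB)               # Public is in no conflict set: allowed
    try:
        host.start(BANK_B)        # BankB conflicts with the running BankA
        bank_b_started = True
    except PermissionError:
        bank_b_started = False
    host.start(AUDIT)
    audit_to_bank_a = host.connect(AUDIT, BANK_A)   # share "finance"
    web_to_bank_a = POLICY.ste_allows_sharing(WEB, BANK_A)  # no common type
    host.stop(BANK_A)
    bank_b_after_stop = POLICY.cw_allows_start(host.running, BANK_B)
    return {"bank_b_started": bank_b_started,
            "audit_to_bank_a": audit_to_bank_a,
            "web_to_bank_a": web_to_bank_a,
            "bank_b_after_stop": bank_b_after_stop}


if __name__ == "__main__":
    print(demo())
```

Note the division of labour: Chinese Wall is evaluated only at domain start and depends on what else is running, while STE is evaluated at every sharing request and depends only on the two labels involved, so a VM that passed the start check can still be refused a channel to a neighbour.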
Research Report RC23629: R. Sailer, T. Jaeger, E. Valdez, R. Perez, S. Berger, J. L. Griffin, L. van Doorn: Building a MAC-based Security Architecture for the Xen Opensource Hypervisor.
Research Report RC23511: R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. van Doorn, J. L. Griffin, S. Berger: sHype: Secure Hypervisor Approach to Trusted Virtualized Systems.