Deconstructing Xen

  title={Deconstructing Xen},
  author={Le Shi and Y. Wu and Yubin Xia and Nathan Dautenhahn and H. Chen and B. Zang and Jinming Li},
  • Le Shi, Y. Wu, +4 authors Jinming Li
  • Published in NDSS 2017
  • Computer Science
  • Hypervisors have quickly become essential but are vulnerable to attack. Unfortunately, efficiently hardening hypervisors is challenging because they lack a privileged security monitor and decomposition strategies. In this work we systematically analyze the 191 Xen hypervisor vulnerabilities from Xen Security Advisories, revealing that the majority (144) are in the core hypervisor not Dom0. We then use the analysis to provide a novel deconstruction of Xen, called Nexen, into a security monitor… CONTINUE READING
    14 Citations
    Hardening Hypervisors against Vulnerabilities in Instruction Emulators
    • 2
    • Highly Influenced
    (Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization
    • Highly Influenced
    • PDF
    Comprehensive VM Protection Against Untrusted Hypervisor Through Retrofitted AMD Memory Encryption
    • 9
    • PDF
    Protecting Cloud Virtual Machines from Hypervisor and Host Operating System Exploits
    • 6
    • PDF
    ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK)
    • 35
    • PDF
    TEEv: virtualizing trusted execution environments on mobile platforms
    • 8
    SkyBridge: Fast and Secure Inter-Process Communication for Microkernels
    • 20
    • PDF
    Techniques to Protect Confidentiality and Integrity of Persistent and In-Memory Data
    • PDF
    LibrettOS: a dynamically adaptable multiserver-library OS
    • PDF
    Unikernels as Processes
    • 18
    • PDF


    HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
    • Zhi Wang, X. Jiang
    • Computer Science
    • 2010 IEEE Symposium on Security and Privacy
    • 2010
    • 380
    • PDF
    Isolating commodity hosted hypervisors with HyperLock
    • 57
    • PDF
    Taming Hosted Hypervisors with (Mostly) Deprivileged Execution
    • 32
    • Highly Influential
    • PDF
    Delusional boot: securing hypervisors without massive re-engineering
    • 25
    TinyChecker: Transparent protection of VMs against hypervisor failures with nested virtualization
    • 23
    • PDF
    Architecture support for guest-transparent VM protection from untrusted hypervisor and physical attacks
    • Yubin Xia, Y. Liu, H. Chen
    • Computer Science
    • 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA)
    • 2013
    • 65
    • PDF
    HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
    • 270
    • PDF
    Architectural support for hypervisor-secure virtualization
    • 116
    • PDF
    Eliminating the hypervisor attack surface for a more secure cloud
    • 278
    • PDF