Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor

Source: Association for Computing Machinery

Cloud computing uses virtualization to lease small slices of large-scale datacenter facilities to individual paying customers. These multi-tenant environments, on which numerous large and popular web-based applications run today, are founded on the belief that the virtualization platform is sufficiently secure to prevent breaches of isolation between different users who are co-located on the same host. Hypervisors are believed to be trustworthy in this role because of their small size and narrow interfaces. The authors observe that despite the modest footprint of the hypervisor itself, these platforms have a large aggregate Trusted Computing Base (TCB) that includes a monolithic control VM with numerous interfaces exposed to VMs.
Format: PDF
Size: 279.40
Date: Oct 2011