Architectural Support for Hypervisor-Secure Virtualization
Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest Virtual Machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this paper, the authors present hypervisor-secure virtualization - a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. They also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections.