Title :
I/O Virtualization Architecture for Security
Author :
Lakshmi, J. ; Nandy, S.K.
Author_Institution :
Indian Inst. of Sci., Bangalore, India
Date :
June 29 2010-July 1 2010
Abstract :
Prevalent and popular virtualization technologies have concentrated on consolidating servers based on the CPU component of the workload. Other system resources, particularly I/O devices like network interfaces and disks, have always been designed to be under the control of the OS that is managing system resources. Sharing of these devices has been through the OS abstraction layers, with the device always being accessed and managed by the privileged OS kernel. Extending such systems for virtualization has resulted in sharing the device access path along with the shared device, which makes this software layer the vulnerable component for the whole system. In this paper we argue that virtualization gives a simple and efficient mechanism for isolation, and hence improved security, if architected correctly. We analyze the existing I/O virtualization architectures with a view towards identifying the security issues and propose an enhancement that addresses these issues.
Keywords :
file organisation; network interfaces; operating system kernels; resource allocation; security of data; virtual machines; CPU component; OS abstraction layer; OS kernel; device access path; i/o device; i/o virtualization architecture; network interface; shared device; software layer; system resource; Bandwidth; Computer architecture; Driver circuits; Quality of service; Security; Servers; Software; I/O virtualization; denial of service attack; security threats; unconstrained DMA;
Conference_Title :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.391