Secure Virtualization and Multicore Platforms

Software virtualization is common in modern computer and telecommunication systems as it allows considerable cost savings through software reuse and efficient hardware utilization. Virtualization technologies do not just enable hardware abstraction but can also give stricter control over the computing platform resources, which in turn, allows creation of secure execution environments on server and application platforms. For single-CPU systems the performance and security tradeoffs provided through different virtualization technologies are rather well understood. However, this is not true for multi-core systems.

The project evaluates how virtualization in multi-core environments can serve security while preserving its other benefits (hardware abstraction) without too high performance cost. We base our work on widely deployed commercial hardware platforms and well established virtualization technologies, evaluating them from security and performance perspective when applied to multi-coreenvironment. The main security feature expected when employing a virtualized runtime environment is isolation between such environments. To have an efficient solution one also needs secure inter-VM-communication as well as secure resource sharing. We study how we can assure that a virtualized environment (hypervisor) itself is secure and that the OS (OSes) and “applications” running in each virtual machine (VM) are secure.

This is a joint research project betwwen SICS and Ericsson Research in Kista and Lund.

This project is closely related to the SICS-Ericsson Vinnova project SVaMP.