Abstract

In Infrastructure-as-a-Service (IaaS) clouds, remote users access their virtual machines (VMs) via the management server. The management server is managed by cloud operators, but not all cloud operators are trusted in semi-trusted clouds. Untrusted operators can execute arbitrary management commands on users' VMs and can redirect users' commands to malicious VMs, which is called the VM redirection attack. The root cause is that the binding of users to VMs is weak. In other words, it is difficult to ensure that only users' own management commands are executed on their VMs. In this paper, we propose UVBond, which strongly binds users to their VMs to solve this problem. UVBond boots a user's VM by decrypting its encrypted disk inside the trusted hypervisor. It then issues a VM descriptor to securely identify that VM. To bridge the semantic gap between high-level management commands and low-level hypercalls, UVBond uses hypercall automata, which accept the sequences of hypercalls issued by commands. We have implemented UVBond in Xen and confirmed that a VM descriptor and hypercall automata prevented attacks and that the overhead was not large.
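The idea of a hypercall automaton combined with a VM binding can be sketched as follows. This is an added example, not code from the paper or from Xen: the hypercall alphabet, the sequence assumed for a "pause" command, the domain IDs and all names are constructed for illustration.

```c
#include <stddef.h>

/* Constructed hypercall alphabet (illustrative names, not Xen's real numbers). */
enum hc { HC_GETINFO, HC_PAUSE, HC_UNPAUSE, HC_DESTROY, HC_COUNT };
enum { REJECT = -1 };

/* One automaton per management command: delta[state][hypercall] -> next state. */
struct automaton {
    const char *command;
    int accept;                          /* the single accepting state */
    int delta[3][HC_COUNT];
};

/* Assumption: "pause" queries domain info one or more times, then pauses once. */
const struct automaton PAUSE_CMD = {
    "pause", 2,
    { { 1,      REJECT, REJECT, REJECT },    /* state 0: expect GETINFO        */
      { 1,      2,      REJECT, REJECT },    /* state 1: GETINFO again or PAUSE */
      { REJECT, REJECT, REJECT, REJECT } }   /* state 2: done, nothing may follow */
};

struct hypercall { enum hc op; unsigned domid; };   /* domid = VM acted on */

/* bound_domid is the VM the hypervisor bound to the user's VM descriptor.
 * Accept only if every hypercall targets that VM and the whole sequence
 * is accepted by the automaton of the command the user asked for. */
int check_sequence(const struct automaton *a, unsigned bound_domid,
                   const struct hypercall *seq, size_t n)
{
    int state = 0;
    for (size_t i = 0; i < n; i++) {
        if (seq[i].domid != bound_domid) return 0;     /* redirected to another VM */
        if ((unsigned)seq[i].op >= HC_COUNT) return 0; /* unknown hypercall */
        state = a->delta[state][seq[i].op];
        if (state == REJECT) return 0;                 /* not part of this command */
    }
    return state == a->accept;                         /* reject truncated sequences */
}

/* Constructed traces: the user's descriptor is bound to domain 7. */
const struct hypercall SEQ_OK[]         = { {HC_GETINFO, 7}, {HC_PAUSE, 7} };
const struct hypercall SEQ_REDIRECTED[] = { {HC_GETINFO, 7}, {HC_PAUSE, 9} };
const struct hypercall SEQ_EXTRA[]      = { {HC_GETINFO, 7}, {HC_PAUSE, 7}, {HC_DESTROY, 7} };

int main(void) { return check_sequence(&PAUSE_CMD, 7, SEQ_OK, 2) ? 0 : 1; }
```

The redirected trace fails on the binding check, and the trace with an extra hypercall fails because the automaton has no transition out of its accepting state.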
