Details

Project Title: EMHF: Extensible, Modular Hypervisor Framework
Track Code: 2012-156
Website: http://sourceforge.net/projects/xmhf/
Short Description:

The Extensible, Modular Hypervisor Framework (EMHF) is intended to serve as a minimal starting point for the development of research and special-purpose hypervisors.

Abstract: None

Tags: open source

Posted Date: Jan 7, 2013 4:21 PM

Researchers

Name
Adrian Perrig
James Newsome
Virgil Gligor
Jonathan McCune
Amit Vasudevan

Manager

Name
Tara Branstad

Contact Information

Please contact Cindy Chepanoske, cchepano@andrew.cmu.edu, if you have any questions.

Description of Technology

The Extensible, Modular Hypervisor Framework (EMHF) is intended to serve as a minimal starting point for the development of research and special-purpose hypervisors. Its architecture emphasizes small size and security properties. EMHF's boot process uses the dynamic root of trust features of recent x86 platforms, and the framework supports TPM-based integrity measurement.

TrustVisor is a hypervisor designed to provide an isolated execution environment for registered pieces of application logic (PALs). PALs are given an API for basic trustworthy computing primitives. This implementation of TrustVisor is a "hyper-app" module that runs atop EMHF. Along with TrustVisor, we have developed the tee-sdk, a software development kit (SDK) to assist programmers in writing applications that leverage the trustworthy execution environment (TEE) provided by TrustVisor. We have also developed a reference application (tee-cred) in the form of an audited credential manager (e.g., a password wallet), and several small test programs that exercise tee-sdk and TrustVisor.

Lockdown is a new point in the design space of red/green systems, which provide the user with a highly protected, yet also highly constrained, trusted ("green") environment for performing security-sensitive transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive, or "red") applications. The design and implementation of the Lockdown architecture emphasize partitioning, rather than virtualizing, resources and devices in the interest of better security and performance for red/green systems. We also design a simple external interface that lets the user securely learn which environment is active and easily switch between them.