VirtualSafe : A Secure Virtual Environment

Iso-X

In today’s world, one of the major challenges in secure computing is to provide an efficient and a secure way to protect the critical information from the attacks launched using untrusted and compromised security systems. With new versions of hypervisors coming out, each version has some new functionality implemented which leads the code to grow in size. This further opens a pathway for hackers to exploit, using the underlying software layers, the security vulnerabilities that exist in these systems. In this paper, we talk about a framework called Iso-X . Iso-X, partitions the code into Untrusted Partition for the non-critical program code and Trusted Partition for the security-critical code fragments. The hardware uses the concept of isolated compartments to execute the security-critical pieces of application code


NIMP

With the growing complexity of a multi-layer software stacks, it is becoming extremely difficult to protect the systems against the growing range of possible attacks. Nowadays, hypervisors allow multiple operating systems on top of them. Since these multi-layer systems are centered on inclusive-memory permissions, a single exploit can compromise the entire system. In this paper, we present Non-inclusive Memory Permissions (NIMP), a lightweight form of mandatory access control enforced through hardware on the different layers (Hypervisor, OS, User) of a virtualized system. In other words, Non-Inclusive Memory Permission architecture is hardware supported framework that assigns each privilege later only the minimum set of permissions necessary to carry out its tasks.