Virtualization technology has been around since the late 1960's. Initially, it was conceived to maximize utilization of expensive hardware by running multiple instances of an operating system using virtual machines (VM). In the last decade, virtualization has become popular due to its cost and space saving advantages. From a security perspective, virtualization enables implementation of a key security design principle, namely compartmentalization. Several performance and security issues have been identified in current virtualization architectures for x86 machines. These issues arise from the fact that the current virtualization architecture depends on a central VM0 to provide critical I/O services. In this project we propose to prototype a High Assurance Virtualization ENgine (HAVEN) using Field Programmable Gate Array (FPGA) based secure co-processing to address the aforementioned limitations of current virtualization technology. HAVEN will:

• Increase reliability via a hardware-assisted virtual I/O subsystem for each VM
• Improve performance by minimizing and possibly eliminating the switching back to the controller VM0 and by using a hardwar virtual I/O manager
• Improve security by protecting storage and communication channels using FPGA-assisted encryption and authentication

Participants:

Resources:

Back to Projects