Virtualization has come into wide use in today’s computing systems. By allowing whole software stacks to be encapsulated as virtual machines, the technique has enabled a broad spectrum of applications. However, a common, fundamental assumption of all these virtualization-based systems is the presence of a trustworthy hypervisor. Unfortunately, recent successful attacks against all major commodity hypervisors, in addition to the bloated trusted computing base and highly complex internal logic of hypervisors, seriously calls into question the validity of this assumption. **In this talk, I will first present two systems we developed to mitigate these threats: HyperSafe is a system that uniquely enables self-protection for type-I (bare-metal) hypervisors by enforcing their control flow integrity, while HyperLock is a system that can securely isolate a type-II (hosted) hypervisor to protect the host OS and other guests even if the hypervisor is compromised. These two systems provide a solid foundation for a safe virtualization environment. Finally, I will discuss a third system, HookSafe, that leverages virtualization technology to defeat kernel rootkits, which many consider to be among the most insidious threats to computer security.
Zhi Wang is a Ph.D. candidate in the Department of Computer Science at North Carolina State University. He received his M.S. and B.S. in Computer Science from the Xi’an Jiaotong University in China in 2002 and 1999, respectively. His research interests lie primarily in the area of computer security, with an emphasis on systems security, particularly operating systems security, virtualization security, and mobile security. His dissertation research focuses on establishing a safe virtualization environment.