"Virtualization Security: The Good, The Bad and The Ugly"
The resurgence of virtualization has stimulated its wide adoption in desktop, cloud and mobile environments. With virtualization being a new systems software foundation, virtual machine monitors (or hypervisors) are now treated as the security foundation of the system software stack, due to the promise of being small and providing strict security isolation. In this talk, I will first question whether such a promise still holds in commodity hypervisors by reviewing the historical evolution of virtualization. Based on a negative answer, I will discuss a series of efforts to enhance security isolation while minimizing the trusted computing base of the virtualization stack, including leveraging a commodity hypervisor to isolate a group of processes, using a nested hypervisor to transparently isolate virtual machines and completely offloading isolation functionalities into the on-chip CPU. Finally, I will also describe a set of new security innovations enabled by virtualization, such as live updating, security introspection and fine-grained compartmentalization.
Bio: Haibo Chen is a Professor at the School of Software, Shanghai Jiao Tong University, where he co-founded and leads the Institute of Parallel and Distributed Systems (IPADS) (http://ipads.se.sjtu.edu.cn). He currently also serves as Huawei's Chief Scientist for OS and directs the OS Kernel Lab. Haibo's main research interests are building scalable and dependable systems software by leveraging cross-layering approaches spanning computer hardware, system virtualization and operating systems. He is currently the steering committee co-chair of ACM APSys and Chair of ACM ChinaSys, and serves on the program committees of IEEE S&P 2019, CCS 2019, Usenix ATC 2019 and SOSP 2019 and on the editorial board of ACM Transactions on Storage.
Time: Tuesday, 15.01.2019, 1:00 p.m.
Place: MPI-SWS Saarbrücken, room 029
Video: Simultaneous video cast, MPI-SWS Kaiserslautern, Paul Ehrlich Str. 26, room 111