HypeBIOS: Enforcing VM Isolation with Minimized and Decomposed Cloud TCB

Virtualization has made cloud computing a popular trend by virtue of its elastic “data anywhere” and “computing anywhere”. However, traditional virtualization architectures usually have three drawbacks: 1) being vulnerable to many known attacks targeting at the large software stacks; 2) endowing too much power to cloud providers, who can fully control the Virtual Machine Monitor (VMM) and the management Virtual Machine (VM); and 3) lacking trusted isolation between VMs. In this paper, we propose HypeBIOS to provide isolation of VMs based on a verifiable thin virtualization Trusted Computing Base (TCB). Unlike the traditional architectures, HypeBIOS excludes unnecessary initialization components in the boot chain and shifts the control VM (management VM) out of the TCB. The reduced TCB is further decomposed into two layers. The master layer works in the System Management Mode (SMM) and contains crucial handlers. The slave layer resides in the legacy virtualization host mode to cooperate with the master layer. We build a prototype of HypeBIOS on the x86 platform. The experiments show that HypeBIOS only introduces moderate overhead.