sHype Hypervisor Security Architecture: Layering Access Control in Virtualized Environments

Reiner Sailer, IBM Watson

sHype is a hypervisor security architecture developed by IBM Research over the last two years. It is available as an integral part of the Xen open-source hypervisor and is being integrated into IBM Power Hypervisors. sHype originally builds on the advantages of the emerging and broadly available hardware support for virtualization by providing simple system-independent and robust security policies for distributed workloads. It controls the use of virtual resources and communication across multiple platforms and provides a secure foundation for server platforms, such as strong isolation, mediated sharing between virtual machines, attestation and integrity guarantees for the hypervisor and its virtual machines, resource control, and secure services.

In this talk, I will briefly introduce the sHype access control framework and its implementation in the Xen hypervisor. The main part of the talk will focus on layering operating system security policies on top sHype to achieve finer-grained security, e.g., bridge peer sHype systems to build distributed reference monitors or leverage sHype to offer multi-level security policies to virtual domains. If desired, I can offer a small demonstration of how quickly and easily sHype workload protection policies can be created in Xen.


Reiner Sailer is a Research Staff Member at the IBM T. J. Watson Research Center since 1999 where he is working in the Secure Systems Department. He holds a Masters degree in Computer Science from the University of Karlsruhe (Germany 1994) and a Dr.-Ing. Degree in Electronic Engineering from the University of Stuttgart, Germany (1999), where he worked on privacy, multi-lateral security, and security and fraud control in telecommunication networks. His major research interests today include secure hardware, access control, network and systems security, trusted computing, and secure virtualization infrastructure.

6 September (Wednesday) at 1630 hrs

Gates 4B (opposite 490)