Please use this identifier to cite or link to this item: http://arks.princeton.edu/ark:/88435/dsp01nz805z81d
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | Lee, Ruby B. | en_US
dc.contributor.author | Szefer, Jakub M. | en_US
dc.contributor.other | Electrical Engineering Department | en_US
dc.date.accessioned | 2013-09-16T17:26:34Z | -
dc.date.available | 2013-09-16T17:26:34Z | -
dc.date.issued | 2013 | en_US
dc.identifier.uri | http://arks.princeton.edu/ark:/88435/dsp01nz805z81d | -
dc.description.abstract | Cloud computing, enabled by virtualization technologies, has become an important computing paradigm. However, by choosing the cloud computing model the customers give up control, e.g. over the system software, of servers where their code executes and where their data is stored. In this dissertation, we propose to leverage server hardware to provide protections for the code and data inside a customer's virtual machines on the remote cloud servers. In particular, this dissertation explores a threat that has not been addressed by researchers before -- that of the virtualization (system) software becoming compromised or malicious and attacking other virtual machines on the server. The high-level goal is to make code and data executing in a remote virtual machine as secure as if it were executing inside a customer's own office on a dedicated server, despite the customer's lack of control over the system software. The first new research direction that we present is our hypervisor-free virtualization, which is realized in the NoHype architecture. Hypervisor-free virtualization takes a novel approach of removing the need for a virtualization layer during a virtual machine's runtime. This eliminates the attack surface from potentially malicious virtual machines to the virtualization layer and reduces the attackers' means for gaining virtualization layer privileges that they could then use to compromise the rest of the system. The hypervisor-free virtualization can be realized on existing hardware. The second new research direction that we present is our hypervisor-secure virtualization, which is realized in the HyperWall architecture. The architecture proposes new hardware so that an untrusted virtualization layer can dynamically manage server resources, such as memory allocation, but confidentiality and integrity of virtual machines' memory is protected. We also present hardware trust evidence mechanisms, which can be used to attest to the customer configuration and enforcement of protections of their virtual machines. The last part of this dissertation presents a new security verification methodology. Our methodology can be used to help check the correctness of hardware-software security architectures. Performing security verification, which is different from functional verification, can help find security bugs and facilitate committing designs to hardware. | en_US
dc.language.iso | en | en_US
dc.publisher | Princeton, NJ : Princeton University | en_US
dc.relation.isformatof | The Mudd Manuscript Library retains one bound copy of each dissertation. Search for these copies in the library's main catalog (http://catalog.princeton.edu) | en_US
dc.subject | Cloud Computing | en_US
dc.subject | Computer Architecture | en_US
dc.subject | Security | en_US
dc.subject.classification | Computer engineering | en_US
dc.title | Architectures for Secure Cloud Computing Servers | en_US
dc.type | Academic dissertations (Ph.D.) | en_US
pu.projectgrantnumber | 690-2143 | en_US
Appears in Collections: Electrical Engineering

Files in This Item:
File | Description | Size | Format
Szefer_princeton_0181D_10626.pdf | | 16.44 MB | Adobe PDF


Items in Dataspace are protected by copyright, with all rights reserved, unless otherwise indicated.