David Lie
Since 2015, the size of the public IaaS cloud market has almost tripled, from 25B to 65B in 2018, and is projected to reach 151B by 2025.  A key component of IaaS cloud infrastructure is a hypervisor, which is a software component that allows multiple virtual “guest” operating systems to run on a single physical machine.  Because the hypervisor is a common component of every cloud infrastructure, we have explored how a hypervisor can be used to provide greater security for cloud users. We have pursued research projects have invented new mechanisms for enabling protection using a hypervisor.  Proxos allows applications to control how much they trust a commodity operating system by exposing only non-security sensitive data and operations to the commodity system and protecting security-sensitive operations by directing them to a secure private operating system.  We also developed two systems, Manitou and Patagonix use a hypervisor to detect covertly executing malware on systems without having to assume anything about the operating system.   Our Sensors system based on uses a hypervisor to monitor a set of honeypots – purposely vulnerable machines we had created to study the behaviors of real Internet attackers.  Finally, we devised a way to perform patch auditing using a hypervisor system in our P2 system.  Now with our recently funded ONR project on Debloating Containers, we will again be looking at how to use virtualization to improve security, this time with an eye towards breaking up and removing all that bloat code from Docker containers and firmware images.