Since 2015, the size of the public IaaS cloud market has almost tripled, from 25B to 65B in 2018, and is projected to reach 151B by 2025. A key component of IaaS cloud infrastructure is a hypervisor, which is a software component that allows multiple virtual “guest” operating systems to run on a single physical machine. Because the hypervisor is a common component of every cloud infrastructure, we have explored how a hypervisor can be used to provide greater security for cloud users.
We have pursued research projects have invented new mechanisms for enabling protection using a hypervisor. Proxos allows applications to control how much they trust a commodity operating system by exposing only non-security sensitive data and operations to the commodity system and protecting security-sensitive operations by directing them to a secure private operating system. We also developed two systems, Manitou and Patagonix use a hypervisor to detect covertly executing malware on systems without having to assume anything about the operating system. Our Sensors system based on uses a hypervisor to monitor a set of honeypots – purposely vulnerable machines we had created to study the behaviors of real Internet attackers. Finally, we devised a way to perform patch auditing using a hypervisor system in our P2 system. Now with our recently funded ONR project on Debloating Containers, we will again be looking at how to use virtualization to improve security, this time with an eye towards breaking up and removing all that bloat code from Docker containers and firmware images.
Contact
David Lie | 李云峰
Sandford Fleming 2001C
10 King’s College Road
Toronto, ON M5S 3G4
Phone: (416) 946-0251
Fax: (416) 978-1145
Admin: Simone Rodrigue / Shania Dela Paz
david.lie@utoronto.ca(PGP key)
Recent News
Congrats to Kexin and Jiaqi fo... -- September 22, 2024
Excited to be starting a $5.6M... -- August 7, 2024
Advancing AI Safety as Directo... -- July 2, 2024
Two upcoming papers at ASE 202... -- September 1, 2023
Shawn gave a great talk at DSN... -- July 12, 2023
Wendy's Paper on Classifying P... -- July 2, 2023
Shawn's paper on vWitness to a... -- May 10, 2023
David Lie awarded the 2023 Saf... -- April 27, 2023
Article and Video on SRI Round... -- March 28, 2023
I'm hosting an upcoming SRI Ro... -- February 15, 2023