ECE Seminar with Jakub Szefer

1:00 pm on Friday, April 5, 2013
Photonics Center, 8 Saint Mary’s St., Room 339
Architectural Support for Securing Cloud Servers
With Jakub Szefer
Ph.D. Candidate
Princeton University

Faculty Host: Ayse Coskun

Refreshments will be served outside Room 339 at 12:45 p.m.

Abstract: Cloud computing is becoming a dominant computing paradigm. However, most cloud computing services are built using commodity systems not designed to handle the variety of threats present in this utility-like computing model. Users’ concerns and surveys of hypervisor vulnerabilities have motivated our research on securing virtual machines; in particular, we focus on protections from a malicious or compromised hypervisor.

We have defined hypervisor-free virtualization, realized in the NoHype architecture, which aims to eliminate the need for an active hypervisor when the virtual machines run. Our key insight is to use hardware virtualization features, originally designed for performance reasons, to remove the hypervisor attack surface and securely isolate the virtual machines.

We also defined hypervisor-secure virtualization, realized in the HyperWall architecture, which further improves virtual machine security while providing more functionality over NoHype. The HyperWall architecture allows an untrusted commodity hypervisor to manage the system while the virtual machines are protected from it. Our key contribution is a special new hardware feature we introduced: the hardware-only accessible DRAM for storing the protections.

To improve confidence in the security of the design, we recently proposed a novel security verification methodology and applied it to component interactions and protocols of HyperWall. By designing and verifying such architectures for secure cloud computing, we can enable more users to enjoy the benefits of cloud computing and be able to securely process sensitive code and data in virtual machines running on cloud servers – even if attackers can gain hypervisor-level privileges.

About the Speaker: Jakub Szefer’s research interests are at the intersection of computer architecture and computer security. His recent work focuses on securing cloud computing, even if the hypervisor running on the cloud servers is compromised. He received his B.S. degree with highest honors in electrical and computer engineering from the University of Illinois at Urbana-Champaign in 2006 and M.A. in Electrical Engineering from Princeton University in 2009. He expects his Ph.D., also in Electrical Engineering, from Princeton University in May 2013. He is part of the Princeton Architectural Lab for Multimedia and Security (PALMS) led by Professor Ruby B. Lee. In addition to research, he enjoys teaching and has won two outstanding TA awards and the Wu Prize for Excellence.