Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating systems in order to provide protection and sharing. However, both I/O memory management units (IOMMUs) and recently proposed software-based methods can be used to reduce the overhead of I/O virtualization by providing untrusted guest operating systems with safe, direct access to I/O devices. This paper explores the performance and safety tradeoffs of strategies for using these mechanisms. The protection strategies presented in this paper provide equivalent inter-guest protection among operating system instances. However, they provide varying levels of intra-guest protection from driver software and incur varying levels of overhead. A sim...
Virtualization is increasingly utilized for consolidating server resources to improve efficiency by ...
The business world is exhibiting a growing dependency on computer systems, their operations and th...
We present a solution for preventing guests in a virtualized system from using direct memory access ...
Commodity virtual machine monitors forbid direct access to I/O devices by untrusted guest operating...
Due to historical reasons, today's computer systems treat I/O devices as second-class citizens, supp...
Prevalent and popular virtualization technologies have concentrated on consolidating serve...
Over the last few years there has been immense progress in developing powerful security tools based ...
Virtual machine monitors (VMMs), including hypervisors, are a popular platform for implementing vari...
Currently, I/O device virtualization models in virtual machine (VM) environments require involvement...
Attacks targeting computer systems become more and more complex and various. S...
This paper surveys virtualization of I/O devices, which is one of the most difficult parts in system...
Kernel-level attacks or rootkits can compromise the security of an operating system by executing wit...
A key goal of security architectures is to separate I/O transfers of security-sensitive applications...
IOMMUs are hardware devices that translate device DMA addresses to proper machine physical address...
Direct device assignment enhances the performance of guest virtual machines by allowing them to comm...