A hypervisor is software that virtualizes hardware resources, allowing several guest operating systems to run simultaneously on the same machine. Since the hypervisor manages access to resources, a bug can be critical for the guest OSes. In this thesis, we focus on the memory isolation properties of a type 1 hypervisor, which virtualizes memory using Shadow Page Tables. More precisely, we present a low-level and a high-level model of the hypervisor, and we formally prove that guest OSes cannot access or tamper with private data of other guests, unless they have the authorization to do so. We use the language and the proof assistant developed by Prove & Run. There are many optimizations in the low-level model, which makes the data structu...
Hosted hypervisors (e.g., KVM) are being widely deployed. One key reason is that they can effectivel...
The paper discusses the constructive framework for writing hypervisor on the top of the VM. ...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
Hypervisors must isolate memories of guest operating systems. This paper is co...
In order to host a general purpose operating system, hypervisors need to virtualize the CPU memory s...
VirtualCert is a machine-checked model of virtualization that can be used to reason about isolation ...
Virtualization software is increasingly a part of the infrastructure behind our online activities. C...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
SecVisor is a hypervisor designed to guarantee that only code approved by the user of a system execu...
Nowadays, cloud computing is gaining more and more popularity. People use cloud-related services eve...
Hypervisors are a popular mechanism for implementing software virtualization. Since hypervisors exec...
A hypervisor provides secure separation of multiple virtual machines on a device, thus removing conf...
In a virtualized environment, the hypervisor provides isolation at the software level, but shared in...