Talk title: Virtualization Security: The Good, The Bad and The Ugly
Date and time: Tuesday, November 22, 2016, 10:30-11:30 a.m.
Venue: Room B-404, School of Computer Science Building
Speaker: Dr. Haibo Chen
Speaker's affiliation: Shanghai Jiao Tong University
Speaker biography: Haibo Chen is a Professor at the School of Software, Shanghai Jiao Tong University, where he co-founded and currently leads the Institute of Parallel and Distributed Systems (IPADS) (http://ipads.se.sjtu.edu.cn). Haibo's main research interests are building scalable and dependable systems software by leveraging cross-layering approaches spanning computer hardware, system virtualization and operating systems. He has received best paper awards from ICPP, APSys and EuroSys and a best paper nomination from HPCA, and has published extensively at top conferences such as SOSP/OSDI/EuroSys/Usenix ATC/ISCA/MICRO/HPCA/FAST/Usenix Security/CCS/PPoPP. He also received the Young Computer Scientist Award from the China Computer Federation, the distinguished Ph.D. thesis award from the China Ministry of Education, and the National Youth Top-notch Talent Support Program of China, as well as faculty research awards/fellowships from NetApp, Google, IBM and MSRA. He is currently the steering committee co-chair of ACM APSys and the general co-chair of SOSP 2017, serves on the program committees of ASPLOS 2017, Oakland 2017, EuroSys 2017 and FAST 2017, and is also on the editorial board of ACM Transactions on Storage.
Abstract: The resurgence of virtualization has stimulated its wide adoption in desktop, cloud and mobile environments. With virtualization being a new systems software foundation, virtual machine monitors (or hypervisors) are now treated as the security foundation of the system software stack, due to the promise of being small and providing strict security isolation. In this talk, I will first question whether such a promise still holds in commodity hypervisors by reviewing the historical evolution of virtualization. Based on a negative answer, I will discuss a series of efforts to enhance the security isolation while minimizing the trusted computing base of the virtualization stack, including leveraging a commodity hypervisor to isolate a group of processes, using a nested hypervisor to transparently isolate virtual machines, and completely offloading isolation functionalities into the on-chip CPU. Finally, I will also describe a set of new security innovations enabled by virtualization, such as live updating, security introspection and fine-grained compartmentalization.
Host: Professor Wang Qian (王骞)