- SimpleVisor, Alex Ionescu
- iOS 9 Security, Apple
- Open-source microkernel projects, Jakub Jermar
- Black Hat USA, Battle of SKM and IUM: How Windows 10 Rewrites OS Architecture, Alex Ionescu
- Genode OS Architecture, Norman Feske
- LinuxCon NA, Security in the Cloud: Xen, KVM, Containers, George Dunlap
- Xen Summit, Security and the Properties of a Xen Virtualization Platform, Philip Tricca (video)
- Software compartmentalization vs. physical separation, Joanna Rutkowska
- Xen Summit, Zero-Footprint Guest Memory Introspection from Xen, Mihai Dontu & Ravi Sahita
  VM introspection, hypervisor support for introspection using hardware virtualization extensions
- LinuxCon EU, Securing your cloud with Xen’s advanced security features, George Dunlap (video)
- Xen Summit, In-Guest Mechanisms to Strengthen Guest Separation, Philip Tricca (video)
  Multi-Level Security (MLS) hypervisor for servers
- Thoughts on Intel’s upcoming Software Guard Extensions, Part 1 — Part 2, Joanna Rutkowska
- Xen Summit, μ-Xen, Ian Pratt
  Micro-virtualization, Type-2 hypervisor, VM fork, deprivileged Windows host
- Xen Summit, Xen and Client Virtualization: the case of XenClient XT, Gianluca Guida
  Client virtualization, VPN VM, Linux stub domains, graphics virtualization, inter-VM communication, SELinux, Xen Security Modules (XSM), Dynamic Root of Trust for Measurement (DRTM), service VMs, Intel VT-d, Intel TXT
- Qubes OS Architecture, Joanna Rutkowska
  Secure GUI, secure networking, secure storage, analysis of potential attack vectors
- Xen Summit, HXEN: Hosted Xen, Christian Limpach & Peter Johnston
  Type-2 hypervisor for a Windows host
- Xen Summit, Trusted Boot: Verifying the Xen Launch, Joseph Cihula
- Computer History Museum, ACM Conference on the History of Personal Workstations
- IEEE Symposium on Security and Privacy, XMHF: Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework, Amit Vasudevan et al.
- Security Protocols Workshop, Towards a Theory of Application Compartmentalisation, Robert N.M. Watson et al.
- ASPLOS, Unikernels: Library Operating Systems for the Cloud, Anil Madhavapeddy et al.
- SOSP, VirtuOS: an operating system with kernel virtualization, Ruslan Nikolaev and Godmar Back
- ACM Symposium on Operating Systems Principles, Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor, Patrick Colp et al.
  “We present Xoar, a modified version of Xen that retrofits the modularity and isolation principles used in microkernels onto a mature virtualization platform. Xoar breaks the control VM into single-purpose components called service VMs. We show that this componentized abstraction brings a number of benefits: sharing of service components by guests is configurable and auditable, making exposure to risk explicit, and access to the hypervisor is restricted to the least privilege required for each component.”
- Bear – A Resilient Operating System for Scalable Multi-processors, Stephen Taylor et al.
  “This paper describes a minimalist operating system design aimed at scalable multi-processor systems whose primary goal is resilience. The design is expressly targeted toward critical military applications for the purpose of operating through failures, errors, and malicious attacks.”
- Folk Models of Home Computer Security, Rick Wash
- ACM Conference on Virtual Execution Environments, Improving Xen Security through Disaggregation, Derek Murray et al.
  “We introduce our work to disaggregate the management virtual machine in a Xen-based system … moves the domain builder, the most important privileged component, into a minimal trusted compartment. We illustrate how this approach may be used to implement “trusted virtualisation” and improve the security of virtual TPM implementations.”
- ACM Workshop on New Security Paradigms, Robustly Secure Computer Systems: A new security paradigm of system discontinuity, Jon A. Solworth
- IEEE Computer, Can We Make Operating Systems Reliable and Secure?, Andrew S. Tanenbaum et al.
- USENIX Security, Virtualizing the Trusted Platform Module, Stefan Berger et al.
- ASPLOS, A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams and Ole Agesen
- Annual Computer Security Applications Conference, A Nitpicker’s guide to a minimal-complexity secure GUI, Norman Feske and Christian Helmuth
- ACM Symposium on Operating Systems Principles, Xen and the Art of Virtualization, Paul Barham et al.
  “This paper presents Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource managed fashion, but without sacrificing either performance or functionality.”
- USENIX Security, The Flask Security Architecture: System Support for Diverse Security Policies, Ray Spencer et al.
- IEEE Transactions on Software Engineering, A Retrospective on the VAX VMM Security Kernel, Paul Karger et al.
- IBM Journal of Research & Development, The Origin of the VM/370 Time-sharing System, R.J. Creasy