Ecosystems
Industry
2019
- TrenchBoot, Linux Secure Launch Protocol, Daniel Smith
- Xilinx, Xen Dom0-less, Stefano Stabellini
- Xen, Argo: Hypervisor-Mediated Exchange (HMX), Christopher Clark
- FOSDEM, rust-vmm, Andreea Florescu
VMM component sharing by AWS, Google, Intel & Red Hat
- Arm, Software Architecture for Rich IoT on Corstone-700, Tushar Khandelwal
Device id/attestation & isolated security updates, similar to Microsoft Pluton and Azure Sphere
- Apple, Arm-based Macs
- Linux Foundation, Xen-on-Arm Edge Virtualization Engine, Roman Shaposhnik
- Microsoft Privileged Access Workstations
- AWS Nitro System, James Hamilton & Anthony Liguori (video, notes)
2018
- 35c3, Supply-chain PoC: Modchips of the State, Trammell Hudson (video)
- Microsoft, Achieving 10-Million IOPS from a Single VM on Windows Hyper-V, Liang Yang & Danyu Zhu
- Apple, Arm T2 Security Chip
- Google OpenTitan & Microsoft Pluton attestation and silicon RoT
- AMD, SEV Update, David Kaplan
- NSA, Security in Zephyr and Fuchsia, Steve Smalley and James Carter (video, summary)
- Microsoft, Azure Sphere: Fitting Linux Security in 4 MiB of RAM, Ryan Fairfax (video)
- Microsoft, Do Zero Trust Approaches Deliver Real Security?, David Weston (video)
- Turing Lecture, A New Golden Age for Computer Architecture, Hennessy & Patterson (video)
- Platform Security Summit, OpenXT presentations
- Intel, Time-Sensitive Networking for Mixed Criticality, Jesus Sanchez-Palencia (video)
- Intel, ACRN: A Device Hypervisor Designed for IoT, Eddie Dong (video)
- Microsoft, Inside the Octagon: Analyzing System Guard Runtime Attestation, Alex Ionescu & David Weston
- Microsoft Windows System Guard Runtime Attestation
- Microsoft BlueHat, Hardening with Hardware, David Weston (video)
- Qubes Air: Generalizing the Qubes Architecture, Joanna Rutkowska
- Meltdown and Spectre Exposure Analysis: Xen, Linux and Windows, Christopher Clark
2017
- AWS EC2, Introducing Nitro, Brendan Gregg
- IBM, Ultravisor Protected Execution Facility, Guerney D.H. Hunt
- OpenXT, In Device We Trust: Measure Twice, Compute Once, Rich Persaud
- HPE, Demystifying Server Root of Trust, Moor Insights
- Microsoft, Seven Properties of Highly Secure Devices, Galen Hunt et al.
- Dornerworks, Partitioning and Virtualization in an Embedded Environment, Josh Whitehead
- Western Digital, NVMe I/O Latency Optimization with Polling, Damien Le Moal
- Intel, Full GPU virtualization with mediated pass-through, Zhenyu Wang
- Intel, Runtime VM Protection by Intel Multi-Key Total Memory Encryption (MKTME), Kai Huang
- Google, Fuzzing PCI Express, Julia Hansbrough
- Qubes, MSI support for PCI device pass-through with stub domains, Simon Gaiser
2016
- Xen Summit, OpenXT Project, Christopher Clark (video)
- OpenXT Summit
- SimpleVisor, Alex Ionescu
- iOS 9 Security, Apple
- BSides, QNX Security Architecture
- Open-source microkernel projects, Jakub Jermar
2015
- ITL, Intel x86 considered harmful, Joanna Rutkowska (video)
- Xen Summit, Virtual Machine Introspection with Xen, Tamas Lengyel (video)
- Black Hat, How Windows 10 rewrites OS architecture, Alex Ionescu
- InfoWorld, Office 365’s hidden agenda: Dump your MDM provider for Microsoft
- Genode OS Architecture, Norman Feske
2014
- LinuxCon NA, Security in the Cloud: Xen, KVM, Containers, George Dunlap
- Xen Summit, Security and the Properties of a Xen Virtualization Platform, Philip Tricca (video)
- ITL, Software compartmentalization vs. physical separation, Joanna Rutkowska
- Xen Summit, Zero-Footprint Guest Memory Introspection from Xen, Mihai Dontu & Ravi Sahita
2013
- LinuxCon EU, Securing your cloud with Xen’s advanced security features, George Dunlap (video)
- Xen Summit, In-Guest Mechanisms to Strengthen Guest Separation, Philip Tricca (video)
- NDSS Symposium, Laying a Secure Foundation for Mobile Devices, Stephen Smalley
- Xen Summit, Secure Server Project, Jason Sonnek (video)
Multi-Level (MLS) Hypervisor for Server
- ITL, Thoughts on Intel’s upcoming Software Guard Extensions, Part 1 — Part 2, Joanna Rutkowska
2012
- Xen Summit, μ-Xen, Ian Pratt
Micro-Virtualization, Type-2 Hypervisor, VM Fast Fork, Deprivileged Windows Host
- Xen Summit, Xen and Client Virtualization: the case of XenClient XT, Gianluca Guida
Client Virtualization, VPN VM, Linux Stub Domains, Graphics Virtualization, Inter-VM Communication, SE Linux, Xen Security Modules (XSM), Dynamic Root of Trust Measurement (DRTM), Service VMs, Intel VT-d, Intel TXT.
2010
- ITL, Qubes OS Architecture, Joanna Rutkowska
Secure GUI, Secure networking, Secure storage, Analysis of potential attack vectors
2009
- Xen Summit, HXEN: Hosted Xen, Christian Limpach & Peter Johnston
Type-2 Hypervisor for Windows Host
- Intel TXT, Dynamics of a Trusted Platform, David Grawrock
2007
- Xen Summit, Trusted Boot: Verifying the Xen Launch, Joseph Cihula
1986
- Computer History Museum, ACM Conference on the History of Personal Workstations
Research
2019
- DARPA ERI, Automatic Implementation of Secure Silicon (AISS), Serge Leef
- DARPA ERI, Guaranteed Architecture for Physical Security (GAPS), Walter Weiss
- NDSS, Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals, A. Theodore Markettos, Colin Rothwell et al.
- ASPLOS, CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, Brooks Davis et al.
2018
- SIGCOMM, Understanding PCIe performance for end host networking, Rolf Neugebauer et al.
- NSA, Using the Intel STM for Protected Execution, Eugene D. Myers
2017
- ACSAC, HP SureStart Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode, Ronny Chevalier et al.
- SOSP, NEVE: Nested Virtualization Extensions for ARM, Jin Tack Lim et al.
- NDSS, Deconstructing Xen, Le Shi et al.
2014
- OSDI, Arrakis: The Operating System is the Control Plane, Simon Peter et al.
- OSDI, Decoupling Cores, Kernels and Operating Systems, Gerd Zellweger et al.
2013
- IEEE Symposium on Security and Privacy, XMHF: Design, Implementation and Verification of an eXtensible and Modular Hypervisor Framework, Amit Vasudevan et al.
- Security Protocols Workshop, Towards a Theory of Application Compartmentalisation, Robert N.M. Watson et al.
- ASPLOS, Unikernels: Library Operating Systems for the Cloud, Anil Madhavapeddy et al.
- SOSP, VirtuOS: an operating system with kernel virtualization, Ruslan Nikolaev and Godmar Back
2011
- ACM Symposium on Operating Systems Principles, Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor, Patrick Colp et al.
“a modified version of Xen that retrofits the modularity and isolation principles used in microkernels onto a mature virtualization platform. Xoar breaks the control VM into single-purpose components called service VMs … this componentized abstraction brings a number of benefits: sharing of service components by guests is configurable and auditable, making exposure to risk explicit, and access to the hypervisor is restricted to the least privilege required for each component.”
- Bear – A Resilient Operating System for Scalable Multi-processors, Stephen Taylor et al.
“This paper describes a minimalist operating system design aimed at scalable multi-processor systems whose primary goal is resilience. The design is expressly targeted toward critical military applications for the purpose of operating through failures, errors, and malicious attacks.”
- International Journal of Information Security, Principles of Remote Attestation, George Coker et al.
2010
- IEEE Symposium on Security and Privacy, HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity, Zhi Wang and Xuxian Jiang
- Folk Models of Home Computer Security, Rick Wash
2008
- ACM Conference on Virtual Execution Environments, Improving Xen Security through Disaggregation, Derek Murray et al.
“work to disaggregate the management virtual machine in a Xen-based system … moves the domain builder, the most important privileged component, into a minimal trusted compartment … this approach may be used to implement “trusted virtualisation” and improve the security of virtual TPM implementations.”
- ACM Workshop on Managed Many-Core Systems, Embracing diversity in the Barrelfish manycore operating system, Adrian Schüpbach, Paul Barham, et al.
- The ten-page introduction to Trusted Computing, Andrew Martin
2007
- ACM Workshop on New Security Paradigms, Robustly Secure Computer Systems: A new security paradigm of system discontinuity, Jon A. Solworth
2006
- Computer magazine, Can We Make Operating Systems Reliable and Secure?, Andrew S. Tanenbaum et al.
- USENIX Security, Virtualizing the Trusted Platform Module, Stefan Berger et al.
- ASPLOS, A Comparison of Software and Hardware Techniques for x86 Virtualization, Keith Adams et al.
2005
- Computer Security Applications Conference, A Nitpicker’s guide to a minimal-complexity secure GUI, Norman Feske and Christian Helmuth
- IJES, The MILS architecture for high-assurance embedded systems, Jim Alves-Foss
2003
- ACM Symposium on Operating Systems Principles, Xen and the Art of Virtualization, Paul Barham et al.
“This paper presents Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource managed fashion, but without sacrificing either performance or functionality.”
2002
- Thirty Years Later: Lessons from the Multics Security Evaluation, Paul A. Karger and Roger R. Schell
1998
- USENIX Security, The Flask Security Architecture: System Support for Diverse Security Policies, Ray Spencer et al.
1991
- IEEE Transactions on Software Engineering, A Retrospective on the VAX VMM Security Kernel, Paul Karger et al.
1981
- ACM Symposium on Operating Systems Principles, Design and Verification of Secure Systems, John Rushby
- IBM Journal of Research & Development, The Origin of the VM/370 Time-sharing System, R.J. Creasy
1972
- USAF, Computer Security Technology Planning Study, James P. Anderson