logo EDITE Clement DEVIGNE
Identité
Clement DEVIGNE
État académique
Thèse soutenue le 2017-07-06
Sujet: Création-destruction dynamique de machines virtuelles sécurisées sur une architecture manycore cc-NUMA
Direction de thèse:
Encadrement de thèse:
Laboratoire:
Voisinage
Ellipse bleue: doctorant, ellipse jaune: docteur, rectangle vert: permanent, rectangle jaune: HDR. Trait vert: encadrant de thèse, trait bleu: directeur de thèse, pointillé: jury d'évaluation à mi-parcours ou jury de thèse.
Productions scientifiques
oai:hal.archives-ouvertes.fr:hal-01382444
Executing Secured Virtual Machines within a Manycore Architecture
International audience
Manycore processors are a way to face the always growing demand in digital data processing. However, by putting closer distinct and possibly private data, they open up new security breaches. Splitting the architecture into several partitions managed by a hypervisor is a way to enforce isolation between the running virtual machines. Thanks to their high number of cores, these architectures can mitigate the impact of dedicating cores both to the virtual machines and the hypervisor, while allowing an efficient execution of the virtualized operating systems. We present such an architecture allowing the execution of fully virtualized multicore operating systems benefiting of hardware cache coherence. The physical isolation is made by the means of address space via the introduction of a light hardware module similar to a memory-management unit at the network-on-chip entrance, but without the drawback of relying on a page table. We designed a cycle-accurate virtual prototype of the architecture , controlled by a light blind hypervisor with minimum rights, only able to start and stop virtual machines. Experiments made on our virtual prototype shows that our solution has a low time overhead – typically 3% on average.
ISSN: 0141-9331 EISSN: 0141-9331 Microprocessors and Microsystems: Embedded Hardware Design (MICPRO) http://hal.upmc.fr/hal-01382444 Microprocessors and Microsystems: Embedded Hardware Design (MICPRO), Elsevier, 2016, <10.1016/j.micpro.2016.09.008>ARRAY(0x7f5470672cb0) 2016
oai:hal.archives-ouvertes.fr:hal-01363066
Executing secured virtual machines within a manycore architecture
International audience
Manycore processors are a way to face the always growing demand in digital data processing. However, by putting closer distinct and possibly private data, they open security breaches. This article presents undergoing work aiming at providing security guaranties to different users utilizing different cores in a manycore architecture. The proposed solution is using physical isolation and a hypervisor with minimum rights, although the work described in the paper focuses only on hardware mechanisms. We present a hardware module providing an address translation service allowing to fully virtualize operating systems, while offering advantages compared to a classical memory management unit within our context. Experiments made on a virtual prototype shows that our solution has a low time overhead – typically 3% on average.
Proceedings of the IEEE Nordic Circuits and Systems Conference (NORCAS) IEEE Nordic Circuits and Systems Conference (NORCAS) http://hal.upmc.fr/hal-01363066 IEEE Nordic Circuits and Systems Conference (NORCAS), Oct 2015, Oslo, Norway. Proceedings of the IEEE Nordic Circuits and Systems Conference (NORCAS), 2015, <http://www.norcas.org/>. <10.1109/NORCHIP.2015.7364380> http://www.norcas.org/ARRAY(0x7f54712d3730) 2015-10-27
Soutenance
Thèse: Exécution sécurisée de plusieurs machines virtuelles sur une plateforme Manycore
Soutenance: 2017-07-06
Rapporteurs: Fabienne NOUVEL    Daniel CHILLET