Virtualization is being widely adopted in today's computing systems. Its unique strengths in isolating and encapsulating whole software stacks as virtual machines have enabled a wide spectrum of applications. However, a common, fundamental assumption of all these virtualization-based systems is the presence of a trustworthy hypervisor. Unfortunately, recent successful attacks against all major commodity hypervisors, in addition to the bloated trusted computing base and highly complex internal logic of hypervisors, seriously questions the validity of this assumption. In this talk, I will first present two systems we developed to mitigate these threats: HyperSafe is a system that uniquely enables self-protection for type-I (bare-metal) hypervisors by enforcing their control flow integrity; HyperLock is a system that can securely isolate type-II (hosted) hypervisors to protect the host OS and other guests even if the hypervisor is compromised. These two systems provide a solid foundation for a safe virtualization environment. After that, I will discuss a third system, HookSafe, that leverages the virtualization technology to defeat kernel rootkits, considered by many as one of the most malicious and parasitic malware.

Zhi Wang is a Ph.D. candidate in the Department of Computer Science at North Carolina State University. He received his M.S. and B.S. in Computer Science from the Xi’an Jiaotong University in China in 2002 and 1999, respectively. His research focuses on systems security, particularly operating systems security, virtualization security, and mobile security. His dissertation research focuses on establishing a safe virtualization environment.