Practical Security Properties on Commodity Computing Platforms

The uber eXtensible Micro-Hypervisor Framework

  • Amit┬áVasudevan

Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Table of contents

  1. Front Matter
    Pages i-xix
  2. Amit Vasudevan
    Pages 1-10
  3. Amit Vasudevan
    Pages 73-85

About this book


This SpringerBrief discusses the uber eXtensible Micro-hypervisor Framework (uberXMHF), a novel micro-hypervisor system security architecture and framework that can isolate security-sensitive applications from other untrustworthy applications on commodity platforms, enabling their safe co-existence. uberXMHF, in addition, facilitates runtime monitoring of the untrustworthy components, which is illustrated in this SpringerBrief. uberXMHF focuses on three goals which are keys to achieving practical security on commodity platforms: (a) commodity compatibility (e.g., runs unmodified Linux and Windows) and unfettered access to platform hardware; (b) low trusted computing base and complexity; and (c) efficient implementation.

uberXMHF strives to be a comprehensible, practical and flexible platform for performing micro-hypervisor research and development. uberXMHF encapsulates common hypervisor core functionality in a framework that allows developers and users to build custom micro-hypervisor based (security-sensitive) applications (called 'uberapps'). The authors describe several uberapps that employ uberXMHF and showcase the framework efficacy and versatility. These uberapps span a wide spectrum of security applications including application compartmentalization and sandboxing, attestation, approved code execution, key management, tracing, verifiable resource accounting, trusted-path and on-demand I/O isolation.

The authors are encouraged by the end result - a clean, barebones, low trusted computing base micro-hypervisor framework for commodity platforms with desirable performance characteristics and an architecture amenable to manual audits and/or formal reasoning. Active, open-source development of uberXMHF continues.

The primary audience for this SpringerBrief is system (security) researchers and developers of commodity system software. Practitioners working in system security deployment mechanisms within industry and defense, as well as advanced-level students studying computer science with an interest in security will also want to read this SpringerBrief.


Compositional verification Extensible and verifiable micro-hypervisor Verified trace properties on commodity platforms Development compatible verification Verifiable object architecture (uber-objects) Security applications Salient security properties Cybersecurity micro-hypervisor uberapps uber eXtensible Micro-Hypervisor Framework (uberXMHF) Low-TCB micro-hypervisor framework Micro-Hypervisor System Security Architecture Micro-Hypervisor assisted security applications Micro-hypervisor key management Micro-hypervisor attestation Micro-hypervisor verifiable resource accounting Micro-hypervisor application compartmentalization Micro-hypervisor I/O isolaton Micro-hypervisor trusted-path

Authors and affiliations

  • Amit┬áVasudevan
    • 1
  1. 1.Software Engineering Institute, Carnegie Mellon UniversityPittsburghUSA

Bibliographic information

  • DOI
  • Copyright Information The Author(s), under exclusive license to Springer Nature Switzerland AG 2019
  • Publisher Name Springer, Cham
  • eBook Packages Computer Science Computer Science (R0)
  • Print ISBN 978-3-030-25048-5
  • Online ISBN 978-3-030-25049-2
  • Series Print ISSN 2191-5768
  • Series Online ISSN 2191-5776
  • Buy this book on publisher's site