BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Improving Xen Security through Disaggregation - Derek Murray (Univ
 ersity of Cambridge)
DTSTART:20080226T153000Z
DTEND:20080226T160000Z
UID:TALK9264@talks.cam.ac.uk
CONTACT:Eiko Yoneki
DESCRIPTION:Virtual machine monitors (VMMs) have been hailed as the basis 
 for an increasing number of reliable or trusted computing systems. The Xen
  VMM is a relatively small piece of software -- a hypervisor -- that runs 
 at a lower level than a conventional operating system in order to provide 
 isolation between virtual machines: its size is offered as an argument for
  its trustworthiness. However\, the management of a Xen-based system requi
 res a privileged\, full-blown operating system to be included in the trust
 ed computing base (TCB).\n\nIn this talk\, I will introduce our work to di
 saggregate the management virtual machine in a Xen-based system. I will pr
 esent a study of the Xen architecture and explain why the status quo resul
 ts in a large TCB. I will challenge the conventional wisdom that smaller T
 CBs are necessarily better\, and argue that the "surface area" of the TCB 
 is as important as its size. I will then describe how we implemented our a
 pproach on Xen\, by moving the domain builder -- the most important privil
 eged component -- into a minimal trusted compartment. I will also discuss 
 some of the ongoing work that is based on our disaggregation approach.\n
LOCATION:Lecture Theatre 1\, Computer Laboratory\, William Gates Builiding
END:VEVENT
END:VCALENDAR