FBCrypt prevents information leakage via the management VM in out-of-band remote management. FBCrypt encrypts the inputs and outputs between a VNC client and a user VM using the virtual machine monitor (VMM). Sensitive information is protected against the management VM between them. The VMM intercepts the reads of virtual devices by a user VM and decrypts the inputs, whereas it intercepts the updates of a framebuffer by a user VM and encrypts the pixel data.
System RequirementsFBCrypt supports para-virtualized and fully-virtualized guest operating systems in Xen and FBCrypt is not necessary to modificate DomainU.
- Xen 4.1.1 (cutomized for FBCrypt)
- Domain0: Linux-kernel 3.2
- DomainU: Linux-kernel 2.6.32〜3.2・Windows7・FreeBSD-9.1
- Tight-VNC-Java-Viewer 2.0.95 (customized for FBCrypt)
PublicationDependable and Secure Remote Management in IaaS Clouds
- Tomohisa Egawa, Naoki Nishimura, and Kenichi Kourai
- In Proceedings of the 4th IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2012), pp.411-418, December 2012.
Please send e-mail egawan_at_ksl.ci.kyutech.ac.jp