Columbia Engineering has developed SeKVM, the first system that guarantees—through mathematical proof—the security of virtual machines in the cloud. In a new paper to be presented tomorrow, May 26, 2021, at the 42nd IEEE Symposium on Security & Privacy, the researchers hope to lay the foundation for future innovations in system software verification, leading to a new generation of cyber-resilient system software.
SeKVM is the first formally verified system for cloud computing. Formal verification is a critical step: it is the process of mathematically proving that software is correct, that the program’s code does what it should, and that there are no hidden security bugs to worry about. Jason Nieh, professor of computer science and co-director of the Software Systems Laboratory, commented:
“This is the first time that a real-world multiprocessor software system has been shown to be mathematically correct and secure. This means that users’ data are correctly managed by software running in the cloud and are safe from security bugs and hackers.”
Over the past dozen years, there has been a good deal of attention paid to formal verification, including work on verifying multiprocessor operating systems. The exponential growth of cloud computing has enabled companies and users to move their data and computation off-site into virtual machines running on hosts in the cloud. Cloud computing providers, like Amazon, deploy hypervisors to support these virtual machines.
A hypervisor is the key piece of software that makes cloud computing possible. The security of the virtual machine’s data hinges on the correctness and trustworthiness of the hypervisor. Despite their importance, hypervisors are complicated—they can include an entire Linux operating system.
SeKVM was verified using MicroV, a new framework for verifying the security properties of large systems. It is based on the hypothesis that small changes to a system can make it significantly easier to verify, a technique the researchers call micro verification. This layering technique retrofits an existing system by extracting the components that enforce security into a small core; verifying that core then guarantees the security of the entire system.
The changes needed to retrofit a large system are quite modest—the researchers demonstrated that if the small core of the larger system is intact, then the system is secure and no private data will be leaked. Shih-Wei Li, Nieh’s PhD student and co-lead author of the study commented:
“SeKVM will serve as a safeguard in various domains, from banking systems and Internet of Things devices to autonomous vehicles and cryptocurrencies.”
As the first verified commodity hypervisor, SeKVM could change how cloud services are designed, developed, deployed, and trusted. In a world where cybersecurity is a growing concern, this resiliency is highly in demand. Major cloud companies are already exploring how they can leverage SeKVM to meet this demand. The study is titled “A Secure and Formally Verified Linux KVM Hypervisor” and will be presented at the 42nd IEEE Symposium on Security & Privacy on May 26, 2021.