BMCArmor: A Hardware Protection Scheme for Bare-Metal Clouds

2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (2017)

Abstract
Traditional infrastructure-as-a-service (IaaS) clouds provide virtual machines as servers. However, virtualization incurs a performance overhead and prevents maximum utilization of hardware functions, so several IaaS vendors have started new services called bare-metal clouds that provide physical rather than virtual machines, allowing users to have direct access to physical hardware in the cloud. Unfortunately, exposing physical hardware to users causes a hardware protection issue for cloud vendors. Since physical hardware uses non-volatile memory (NVM) to store firmware code and configuration data, this is also exposed to users. If the NVM is modified by malicious users, the hardware could be permanently corrupted or infected by malware without being noticed. This is difficult for cloud vendors to prevent because bare-metal clouds have no virtualization layer to protect their hardware. In this paper, we describe the types of attacks that are possible for bare-metal clouds and propose BMCArmor, a hardware protection scheme for bare-metal clouds. BMCArmor uses a thin hypervisor that does not virtualize the hardware, just preventing access to NVM. Our experiments show that BMCArmor can successfully protect hardware while incurring little performance overhead.
Keywords
virtualization, hardware protection, bare-metal cloud, firmware