Virtualization has come into wide use in today's computing systems. 
By allowing whole software stacks to be encapsulated as virtual machines, 
the technique has enabled a broad spectrum of applications. However, a common, 
fundamental assumption of all these virtualization-based systems is the 
presence of a trustworthy hypervisor. Unfortunately, recent successful attacks 
against all major commodity hypervisors, in addition to the bloated trusted 
computing base and highly complex internal logic of hypervisors, seriously calls 
into question the validity of this assumption. In this talk, I will first present 
two systems we developed to mitigate these threats: HyperSafe is a system that 
uniquely enables self-protection for type-I (bare-metal) hypervisors by enforcing 
their control flow integrity; HyperLock is a system that can securely isolate a 
type-II (hosted) hypervisor to protect the host OS and other guests even if the hypervisor 
is compromised. These two systems provide a solid foundation for a safe virtualization 
environment. Finally, I will discuss a third system, HookSafe, that leverages virtualization 
technology to defeat kernel rootkits, which many consider to be among the most insidious 
threats to computer security.