1,245 research outputs found
Secure Virtualization of Latency-Constrained Systems
Virtualization is a mature technology in server and desktop environments where multiple systems are consolidate onto a single physical hardware platform, increasing the utilization of todays multi-core systems as well as saving resources such as energy, space and costs compared to multiple single systems. Looking at embedded environments reveals that many systems use multiple separate computing systems inside, including requirements for real-time and isolation properties. For example, modern high-comfort cars use up to a hundred embedded computing systems. Consolidating such diverse configurations promises to save resources such as energy and weight.
In my work I propose a secure software architecture that allows consolidating multiple embedded software systems with timing constraints. The base of the architecture builds a microkernel-based operating system that supports a variety of different virtualization approaches through a generic interface, supporting hardware-assisted virtualization and paravirtualization as well as multiple architectures. Studying guest systems with latency constraints with regards to virtualization showed that standard techniques such as high-frequency time-slicing are not a viable approach.
Generally, guest systems are a combination of best-effort and real-time work and thus form a mixed-criticality system. Further analysis showed that such systems need to export relevant internal scheduling information to the hypervisor to support multiple guests with latency constraints. I propose a mechanism to export those relevant events that is secure, flexible, has good performance and is easy to use. The thesis concludes with an evaluation covering the virtualization approach on the ARM and x86 architectures and two guest operating systems, Linux and FreeRTOS, as well as evaluating the export mechanism
Open-TEE - An Open Virtual Trusted Execution Environment
Hardware-based Trusted Execution Environments (TEEs) are widely deployed in
mobile devices. Yet their use has been limited primarily to applications
developed by the device vendors. Recent standardization of TEE interfaces by
GlobalPlatform (GP) promises to partially address this problem by enabling
GP-compliant trusted applications to run on TEEs from different vendors.
Nevertheless ordinary developers wishing to develop trusted applications face
significant challenges. Access to hardware TEE interfaces are difficult to
obtain without support from vendors. Tools and software needed to develop and
debug trusted applications may be expensive or non-existent.
In this paper, we describe Open-TEE, a virtual, hardware-independent TEE
implemented in software. Open-TEE conforms to GP specifications. It allows
developers to develop and debug trusted applications with the same tools they
use for developing software in general. Once a trusted application is fully
debugged, it can be compiled for any actual hardware TEE. Through performance
measurements and a user study we demonstrate that Open-TEE is efficient and
easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International
Conference on Trust, Security and Privacy in Computing and Communications,
TrustCom 2015, Helsinki, Finland, August 20-22, 201
Secure and efficient application monitoring and replication
Memory corruption vulnerabilities remain a grave threat to systems software written in C/C++. Current best practices dictate compiling programs with exploit mitigations such as stack canaries, address space layout randomization, and control-flow integrity. However, adversaries quickly find ways to circumvent such mitigations, sometimes even before these mitigations are widely deployed. In this paper, we focus on an "orthogonal" defense that amplifies the effectiveness of traditional exploit mitigations. The key idea is to create multiple diversified replicas of a vulnerable program and then execute these replicas in lockstep on identical inputs while simultaneously monitoring their behavior. A malicious input that causes the diversified replicas to diverge in their behavior will be detected by the monitor; this allows discovery of previously unknown attacks such as zero-day exploits. So far, such multi-variant execution environments (MVEEs) have been held back by substantial runtime overheads. This paper presents a new design, ReMon, that is non-intrusive, secure, and highly efficient. Whereas previous schemes either monitor every system call or none at all, our system enforces cross-checking only for security critical system calls while supporting more relaxed monitoring policies for system calls that are not security critical. We achieve this by splitting the monitoring and replication logic into an in-process component and a cross-process component. Our evaluation shows that ReMon offers same level of security as conservative MVEEs and run realistic server benchmarks at near-native speeds
lLTZVisor: a lightweight TrustZone-assisted hypervisor for low-end ARM devices
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresVirtualization is a well-established technology in the server and desktop space
and has recently been spreading across different embedded industries. Facing
multiple challenges derived by the advent of the Internet of Things (IoT) era,
these industries are driven by an upgrowing interest in consolidating and isolating
multiple environments with mixed-criticality features, to address the complex IoT
application landscape. Even though this is true for majority mid- to high-end
embedded applications, low-end systems still present little to no solutions proposed
so far.
TrustZone technology, designed by ARM to improve security on its processors,
was adopted really well in the embedded market. As such, the research community
became active in exploring other TrustZone’s capacities for isolation, like
an alternative form of system virtualization. The lightweight TrustZone-assisted
hypervisor (LTZVisor), that mainly targets the consolidation of mixed-criticality
systems on the same hardware platform, is one design example that takes advantage
of TrustZone technology for ARM application processors. With the recent
introduction of this technology to the new generation of ARM microcontrollers, an
opportunity to expand this breakthrough form of virtualization to low-end devices
arose.
This work proposes the development of the lLTZVisor hypervisor, a refactored
LTZVisor version that aims to provide strong isolation on resource-constrained
devices, while achieving a low-memory footprint, determinism and high efficiency.
The key for this is to implement a minimal, reliable, secure and predictable virtualization
layer, supported by the TrustZone technology present on the newest
generation of ARM microcontrollers (Cortex-M23/33).Virtualização é uma tecnologia já bem estabelecida no âmbito de servidores e
computadores pessoais que recentemente tem vindo a espalhar-se através de várias
indústrias de sistemas embebidos. Face aos desafios provenientes do surgimento
da era Internet of Things (IoT), estas indústrias são guiadas pelo crescimento
do interesse em consolidar e isolar múltiplos sistemas com diferentes níveis de
criticidade, para atender ao atual e complexo cenário aplicativo IoT. Apesar de
isto se aplicar à maioria de aplicações embebidas de média e alta gama, sistemas
de baixa gama apresentam-se ainda com poucas soluções propostas.
A tecnologia TrustZone, desenvolvida pela ARM de forma a melhorar a segurança
nos seus processadores, foi adoptada muito bem pelo mercado dos sistemas embebidos.
Como tal, a comunidade científica começou a explorar outras aplicações
da tecnologia TrustZone para isolamento, como uma forma alternativa de virtualização
de sistemas. O "lightweight TrustZone-assisted hypervisor (LTZVisor)",
que tem sobretudo como fim a consolidação de sistemas de criticidade mista na
mesma plataforma de hardware, é um exemplo que tira vantagem da tecnologia
TrustZone para os processadores ARM de alta gama. Com a recente introdução
desta tecnologia para a nova geração de microcontroladores ARM, surgiu uma
oportunidade para expandir esta forma inovadora de virtualização para dispositivos
de baixa gama.
Este trabalho propõe o desenvolvimento do hipervisor lLTZVisor, uma versão
reestruturada do LTZVisor que visa em proporcionar um forte isolamento em dispositivos
com recursos restritos, simultâneamente atingindo um baixo footprint de
memória, determinismo e alta eficiência. A chave para isto está na implementação
de uma camada de virtualização mínima, fiável, segura e previsível, potencializada
pela tecnologia TrustZone presente na mais recente geração de microcontroladores
ARM (Cortex-M23/33)
- …