978 research outputs found
TCG based approach for secure management of virtualized platforms: state-of-the-art
There is a strong trend shift in the favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders confidence in the dynamics of new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted computing group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms
Scheduling policies and system software architectures for mixed-criticality computing
Mixed-criticality model of computation is being increasingly
adopted in timing-sensitive systems. The model not only
ensures that the most critical tasks in a system never fails,
but also aims for better systems resource utilization in normal condition. In this report, we describe the widely used
mixed-criticality task model and fixed-priority scheduling
algorithms for the model in uniprocessors. Because of the
necessity by the mixed-criticality task model and scheduling
policies, isolation, both temporal and spatial, among tasks is
one of the main requirements from the system design point
of view. Different virtualization techniques have been used
to design system software architecture with the goal of isolation. We discuss such a few system software architectures
which are being and can be used for mixed-criticality model
of computation
seL4 Microkernel for virtualization use-cases: Potential directions towards a standard VMM
Virtualization plays an essential role in providing security to computational
systems by isolating execution environments. Many software solutions, called
hypervisors, have been proposed to provide virtualization capabilities.
However, only a few were designed for being deployed at the edge of the
network, in devices with fewer computation resources when compared with servers
in the Cloud. Among the few lightweight software that can play the hypervisor
role, seL4 stands out by providing a small Trusted Computing Base and formally
verified components, enhancing its security. Despite today being more than a
decade with seL4 microkernel technology, its existing userland and tools are
still scarce and not very mature. Over the last few years, the main effort has
been put into increasing the maturity of the kernel itself and not the tools
and applications that can be hosted on top. Therefore, it currently lacks
proper support for a full-featured userland Virtual Machine Monitor, and the
existing one is quite fragmented. This article discusses the potential
directions to a standard VMM by presenting our view of design principles and
feature set needed. This article does not intend to define a standard VMM, we
intend to instigate this discussion through the seL4 community
- âŠ