A dual-hypervisor for platforms supporting hardware-assisted security and virtualization

The need for security and virtualization capabilities in modern cyber-physical systems is increasing and plays a crucial role in their design. During the last years, several software-based techniques have been proposed to achieve isolation and security features, offering secure computing services and storing confidential/sensible data together with the execution of multiple software components on the same platform. Notably, such architectures are typically denoted as systems with Multiple Independent Levels of Security (MILS). However, due to the increase of software complexity and the exposure of modern systems by means of connectivity infrastructures, security became a fundamental design objective, originating strong functional and reliability requirements that cannot generally be achieved with pure software techniques. To meet such requirements, chip makers started developing hardware-based solutions to realize trusted execution environments (TEEs), whose one of the most popular proposals is the TrustZone technology developed by ARM. Contextually to the need of security features, virtualization established as the de-facto technology to support the execution of multiple software systems (possibly running upon different operating systems) on the same platform, with hypervisors being the most wide-spread solutions to achieve virtualization of the available computing resources. This thesis aims at proposing a software infrastructure for reconciling the virtualization capabilities offered by hypervisors with the need for executing multiple TEEs upon a shared platform. To this end, a dual-hypevisor solution is proposed to enable the execution of multiple domains in isolation, where each of them can comprise both a standard (i.e., non-secure) execution environment and a TEE, where the latter is executed upon secure world enabled by the ARM TrustZone technology. The design consists in two jointly-configured hypervisors, one managing non-secure domains, and another managing a set of virtualized TEEs, thus offering a further level of isolation by construction between the two worlds. A minimal software layer has been also introduced to orchestrate the two hypervisors and dispatching the corresponding interrupt signals. The design has been realized by taking the XVISOR open-source hypervisor as a reference system. Experimental results have been finally performed to validate the proposed approach and assess its performance upon an ARM Cortex-A15 processor

Reconciling security with virtualization: A dual-hypervisor design for ARM TrustZone

This paper proposes a novel design to enable the virtualization of both secure and non-secure worlds offered by ARM platforms with TrustZone technology. The design is based on a dual-hypervisor scheme that allows executing multiple two-world domains in isolation, where each of them can comprise both a standard (i.e., non-secure) execution environment, and a trusted execution environment (TEE). An implementation of the proposed design is presented and discussed by building upon Xvisor, a Type-1 open-source hypervisor. Experimental results to assess the performance of the implementation are finally reported and discussed

PHOS EXPERIMENT: THERMAL RESPONSE OF A LARGE DIAMETER PULSATING HEAT PIPE ON BOARD REXUS 18 ROCKET

A Pulsating Heat Pipe (PHP) is a two-phase passive heat transfer device that may be proved suitable for the thermal management in space applications. A recent parabolic flight experiment has already highlighted that a capillary tube PHP has the same thermal performance either on low gravity environment or on ground with the evaporator and condenser placed horizontally with respect to the gravity vector. An increase of the inner tube diameter theoretically may lead to an increase of the thermal performance but it is only achievable in the presence of low gravity conditions. In the present study, the experimental results of two PHPs tested on board REXUS 18 rocket are presented. The PHPs are both filled with the refrigerant FC-72 and have an inner tube diameter larger than the critical diameter (3 mm) and around the critical diameter (1.6 mm), respectively. In the occurrence of the milli-gravity conditions experienced on board the rocket, surface tension prevails over buoyancy and the flow pattern inside the devices should switch to the slug and plug PHPs typical operational regime. The temperature and pressure trends are expected to reveal such a regime transition and provide further information for future developments. The tested PHPs consist of a closed end-to-end aluminium tube with fourteen curves arranged on two planes constituting the evaporator or hot section. The heat input is supplied by two heating cables wound around the tube and placed asymmetrically with respect to the curves, so as to promote the fluid circulation in a preferential direction. The heat input value has been selected in order to have the same heat flux at the evaporator section in both situations. The heat is transferred through the devices and, at the end, released in a phase change material via latent heat of fusion without any appreciable temperature buildup for the entire duration of each experimental run