Secure Virtualization for Embedded Systems
From TCS Group Internal Wiki
Participants: Gehrmann (project leader), Dam, Gurov
Virtualization is the use of hypervisors or virtual machine monitors to support multiple virtual machines on a single real machine. Such a solution has important benefits, including increased hardware utilization and more flexible system management. Moreover, with a hypervisor providing an abstraction layer separating virtual machines from the real hardware, and isolating virtual machines from each other, many useful architectural possibilities arise. In particular, virtualization is a strong enabler for security both as a result of the isolation enforced by the hypervisor between virtual machines, and due to the hypervisors high-privilege suitability as a strong base for security services operating on the virtual machines. System level virtualization, in particular, is interesting as it enables tight control of a complete execution environment on the target system.
There are, however, significant research challenges of both practical and theoretical nature. In particular, virtualization in the context of embedded or resource constrained devices is not well understood. As interconnection and integration increases in the emerging network of things, security threats are sure to migrate quickly to the embedded domain. Moreover, many of the deeper issues concerning the effect of the virtualization on performance and correctness, and how to effectively bridge the gap between application level and system level security remains unresolved. The group at TCS has been exploring related issues in the context of Java security for several years, and the aim is to explore this synergy for greater impact in both theory and practice.
Project objectives:
- Design, modeling and analysis of new thin-hypervisor based security architectures for embedded platforms.
- Proof of concept including benchmark figures on ”typical” hardware set ups. This part of the project will involve collaboration with Ericsson Research.
