Affordable Separation on Embedded Platforms

Soft Reboot Enabled Virtualization on a Dual Mode System

  • Conference paper
Trust and Trustworthy Computing (Trust 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8564)

Abstract

Although security has become important in embedded systems, commodity operating systems often fail to separate processes effectively, mainly because their trusted computing base is too large. System virtualization can establish isolation with a small code base, but many existing embedded CPU architectures offer very limited hardware support for virtualization, so the performance impact is often non-negligible. Targeting both security and performance, we investigate an approach in which a few minor hardware additions, combined with virtualization, offer protected execution in embedded systems while still allowing non-virtualized execution when secure services are not needed. Benchmarks of a prototype implementation on an emulated ARM Cortex-A8 platform confirm that switching between these two execution modes can be done efficiently.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Schwarz, O., Gehrmann, C., Do, V. (2014). Affordable Separation on Embedded Platforms. In: Holz, T., Ioannidis, S. (eds) Trust and Trustworthy Computing. Trust 2014. Lecture Notes in Computer Science, vol 8564. Springer, Cham. https://doi.org/10.1007/978-3-319-08593-7_3

  • DOI: https://doi.org/10.1007/978-3-319-08593-7_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08592-0

  • Online ISBN: 978-3-319-08593-7
