SPATIAL ISOLATION ON REALTIME HYPERVISOR USING CORE-LOCAL MEMORY

Daisuke Yamaguchi, Takumi Yajima, Chen-Yi Lee, Hiromasa Shimada, Yuki Kinebuchi, Tatsuo Nakajima

2012

Abstract

Recently, the software of embedded systems has grown increasingly complicated due to the conflicting needs for both rich functionality and strict interrupt responsiveness. To deal with this, realtime virtualization technology for embedded systems is attracting interest. Virtualization allows multiple operating systems to run concurrently with minimal modifications, thus reducing the engineering cost. However, as the security of embedded systems is receiving more attention these days, the current design of realtime hypervisors often makes it difficult to ensure security without hardware virtualization support, which is not widely available in the world of embedded systems. In this paper, we introduce Secure Pager, which utilizes a common hardware design called core-local memory, combined with checksum-based protections, to enforce spatial isolation without specific hardware virtualization support.



Paper Citation


in Harvard Style

Yamaguchi D., Yajima T., Lee C., Shimada H., Kinebuchi Y. and Nakajima T. (2012). SPATIAL ISOLATION ON REALTIME HYPERVISOR USING CORE-LOCAL MEMORY. In Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS, ISBN 978-989-8565-00-6, pages 415-421. DOI: 10.5220/0003906704150421


in Bibtex Style

@conference{peccs12,
author={Daisuke Yamaguchi and Takumi Yajima and Chen-Yi Lee and Hiromasa Shimada and Yuki Kinebuchi and Tatsuo Nakajima},
title={SPATIAL ISOLATION ON REALTIME HYPERVISOR USING CORE-LOCAL MEMORY},
booktitle={Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS},
year={2012},
pages={415-421},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003906704150421},
isbn={978-989-8565-00-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems - Volume 1: PECCS
TI - SPATIAL ISOLATION ON REALTIME HYPERVISOR USING CORE-LOCAL MEMORY
SN - 978-989-8565-00-6
AU - Yamaguchi D.
AU - Yajima T.
AU - Lee C.
AU - Shimada H.
AU - Kinebuchi Y.
AU - Nakajima T.
PY - 2012
SP - 415
EP - 421
DO - 10.5220/0003906704150421

