iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support

  • Authors:

  • Lin Tan;Ellick M. Chan;Reza Farivar;Nevedita Mallick;Jeffrey C. Carlyle;Francis M. David;Roy H. Campbell

  • Affiliations:

  • University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA;University of Illinois at Urbana-Champaign, USA

  • Venue:
  • DASC '07 Proceedings of the Third IEEE International Symposium on Dependable, Autonomic and Secure Computing
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.