Journal of Parallel and Distributed Computing
System virtualization is now available for mobile devices allowing for many advantages. Two of the major benefits from virtualization are system fault isolation and security. The isolated driver domain (IDD) model, a widely adopted architecture, enables strong system fault isolation by limiting the impact of driver faults to the driver domain itself. However, excessive I/O requests from a malicious domain to an IDD can cause CPU overuse of the IDD and performance degradation of applications in the IDD and other domains that share the same I/O device with the malicious domain. If the IDD model is applied to mobile devices, this failure of performance isolation could also lead to battery drain, and thus it introduces a new severe threat to mobile devices. In order to solve this problem, we propose a fine-grained I/O access control mechanism in an IDD. Requests from guest domains are managed by an accounting module in terms of CPU usage, with the calculation of estimated CPU consumption using regression equations. The requests are scheduled by an I/O access control enforcer according to security policies. As a result, our mechanism provides precise control on the CPU usage of a guest domain due to I/O device access, and prevents malicious guest domains from CPU overuse, performance degradation, and battery drain. We have implemented a prototype of our approach considering both network and storage devices with a real smart phone (SGH-i780) that runs two para-virtualized Linux kernels on top of Secure Xen on ARM. The evaluation shows our approach effectively protects a smart phone against excessive I/O attacks and guarantees availability.