Although Xen's isolated driver domain (IDD) model enables strong system isolation by limiting the impact of driver faults to the driver domain itself, it results in severe security problems when malware in a guest domain tries to abuse a mobile device's limited system resources by sending an extreme number of I/O requests to the IDD. To solve this problem, this paper presents a fine-grained I/O access control mechanism inside the IDD. Requests from guest domains are managed by an accounting module in terms of CPU usage, with the estimated CPU consumption of each request calculated from regression equations. The requests are then scheduled by an I/O access control enforcer according to security policies. As a result, our mechanism provides precise control over the CPU usage a guest domain incurs through I/O device access, and prevents compromised guest domains from causing CPU overuse, performance degradation, and battery drain. We have implemented a prototype of our approach covering both network and storage devices on a real smart phone (SGH-i780) that runs two para-virtualized Linux kernels on top of Secure Xen on ARM. The evaluation shows that our approach effectively protects a smart phone against excessive I/O attacks and guarantees availability.
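The following simulation illustrates the accounting-plus-enforcement idea in the abstract: an IDD-side accounting module estimates the CPU time a guest's I/O request will cost using a linear regression model, and an enforcer admits or refuses the request against a per-guest CPU budget defined by policy. This is an added example, not the paper's code or its Secure Xen on ARM prototype; the regression coefficients, the per-window budget policy, and the guest workloads (`dom1`, `dom2`) are all constructed for illustration.

```python
"""Simulation of fine-grained I/O access control inside an isolated driver
domain (IDD): an accounting module estimates the IDD CPU time each guest
request will cost via a linear regression model, and an enforcer admits or
rejects the request against a per-guest CPU budget."""
from dataclasses import dataclass
from typing import Dict, Tuple

# Hypothetical regression coefficients (constructed for this example, not the
# paper's measured values): estimated IDD CPU time in microseconds
# = intercept + slope * payload_bytes, per device class.
REGRESSION_US = {
    "net": (8.0, 0.0625),
    "disk": (20.0, 0.01),
}


@dataclass
class Policy:
    """Security policy for one guest: CPU budget per accounting window."""
    window_us: int
    budget_us: float


@dataclass
class Account:
    """Per-guest accounting state kept by the IDD."""
    window_start_us: int = 0
    used_us: float = 0.0
    accepted: int = 0
    rejected: int = 0


def estimate_cpu_us(device: str, payload_bytes: int) -> float:
    """Accounting module: regression-based CPU cost estimate for one request."""
    intercept, slope = REGRESSION_US[device]
    return intercept + slope * payload_bytes


class IddAccessControl:
    """I/O access control enforcer running in the driver domain."""

    def __init__(self, policies: Dict[str, Policy]):
        self.policies = policies
        self.accounts = {guest: Account() for guest in policies}

    def admit(self, guest: str, device: str, payload_bytes: int, now_us: int) -> bool:
        policy = self.policies[guest]
        acct = self.accounts[guest]
        # Start a fresh accounting window once the current one has elapsed.
        if now_us - acct.window_start_us >= policy.window_us:
            acct.window_start_us = now_us
            acct.used_us = 0.0
        cost = estimate_cpu_us(device, payload_bytes)
        if acct.used_us + cost > policy.budget_us:
            acct.rejected += 1  # over budget: the request is refused, not serviced
            return False
        acct.used_us += cost
        acct.accepted += 1
        return True


def simulate() -> Dict[str, Tuple[int, int]]:
    """Constructed workload: a well-behaved guest and a flooding guest."""
    ctrl = IddAccessControl({
        "dom1": Policy(window_us=1_000_000, budget_us=12_000.0),
        "dom2": Policy(window_us=1_000_000, budget_us=12_000.0),
    })
    # dom1 sends ten 1500-byte packets spaced 100 ms apart.
    for i in range(10):
        ctrl.admit("dom1", "net", 1500, now_us=i * 100_000)
    # dom2 floods 10,000 minimal 64-byte packets within 100 ms; the budget
    # admits only the first 1000 (12 us each) and refuses the rest.
    for i in range(10_000):
        ctrl.admit("dom2", "net", 64, now_us=i * 10)
    # In the next window dom2's budget is restored, so a request is admitted again.
    ctrl.admit("dom2", "net", 64, now_us=1_000_000)
    return {g: (a.accepted, a.rejected) for g, a in ctrl.accounts.items()}


if __name__ == "__main__":
    for guest, (ok, dropped) in simulate().items():
        print(f"{guest}: accepted={ok} rejected={dropped}")
```

The point the simulation makes is that the control decision is taken before the IDD spends CPU on the request: the flooding guest's excess requests are refused at admission, so the driver domain's CPU (and the device's battery) is not consumed on its behalf, while the well-behaved guest is unaffected because it stays within its budget.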