Processor virtualization for secure mobile terminals

Published: 25 July 2008

Abstract

We propose a processor virtualization architecture, VIRTUS, to provide a dedicated domain for preinstalled applications and virtualized domains for downloaded native applications. With it, security-oriented next-generation mobile terminals can provide any number of domains for native applications. VIRTUS features three new technologies, namely, VMM asymmetrization, dynamic interdomain communication (IDC), and virtualization-assist logic, and it is the first in the world to virtualize an ARM-based multiprocessor. Evaluations have shown that VMM asymmetrization results in significantly less performance degradation and LOC increase than do other VMMs. Further, dynamic IDC overhead is low enough, and virtualization-assist logic can be implemented in a sufficiently small area.




Published In

ACM Transactions on Design Automation of Electronic Systems, Volume 13, Issue 3
July 2008
370 pages
ISSN: 1084-4309
EISSN: 1557-7309
DOI: 10.1145/1367045

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 25 July 2008
Accepted: 01 January 2008
Revised: 01 September 2007
Received: 01 April 2007
Published in TODAES Volume 13, Issue 3


Author Tags

  1. Multiprocessor
  2. processor virtualization

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (last 12 months): 3
  • Downloads (last 6 weeks): 0
Reflects downloads up to 16 Nov 2024

Cited By

  • (2016) A Survey of Mobile Device Virtualization. ACM Computing Surveys 49:1, 1-36. DOI: 10.1145/2897164. Online publication date: 5 Apr 2016.
  • (2012) A Light-Weighted Virtualization Layer for Multicore Processor-Based Rich Functional Embedded Systems. Proceedings of the 2012 IEEE 15th International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, 144-153. DOI: 10.1109/ISORC.2012.27. Online publication date: 11 Apr 2012.
  • (2011) Temporal and spatial isolation in a virtualization layer for multi-core processor based information appliances. Proceedings of the 16th Asia and South Pacific Design Automation Conference, 645-652. DOI: 10.5555/1950815.1950942. Online publication date: 25 Jan 2011.
  • (2011) Delivering secure applications on commercial mobile devices. Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 33-38. DOI: 10.1145/2046614.2046622. Online publication date: 17 Oct 2011.
  • (2011) Temporal and spatial isolation in a virtualization layer for multi-core processor based information appliances. 16th Asia and South Pacific Design Automation Conference (ASP-DAC 2011), 645-652. DOI: 10.1109/ASPDAC.2011.5722268. Online publication date: Jan 2011.
  • (2010) Composition kernel. Proceedings of the 8th IFIP WG 10.2 International Conference on Software Technologies for Embedded and Ubiquitous Systems, 227-238. DOI: 10.5555/1927882.1927913. Online publication date: 13 Oct 2010.
  • (2010) Enhancing network-on-chip components to support security of processing elements. Proceedings of the 5th Workshop on Embedded Systems Security, 1-9. DOI: 10.1145/1873548.1873560. Online publication date: 24 Oct 2010.
  • (2010) Hierarchical multi-agent protection system for NoC based MPSoCs. Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systems, 1-7. DOI: 10.1145/1868433.1868441. Online publication date: 14 Sep 2010.
  • (2010) Stack protection unit as a step towards securing MPSoCs. 2010 IEEE International Symposium on Parallel & Distributed Processing, Workshops and PhD Forum (IPDPSW), 1-4. DOI: 10.1109/IPDPSW.2010.5470728. Online publication date: Apr 2010.
  • (2010) Composition Kernel: A Multi-core Processor Virtualization Layer for Rich Functional Smart Products. Software Technologies for Embedded and Ubiquitous Systems, 227-238. DOI: 10.1007/978-3-642-16256-5_22. Online publication date: 2010.
