Securing DMA through Virtualization
Number of Authors: 2
2012 (English)In: IEEE Conference on Complexity in Engineering, IEEE , 2012, 20Conference paper (Refereed)
We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and that we also have implemented, are purely based on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized with means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds. The solution was designed with focus on security and the abstract concept of the approach was formally verified.
Place, publisher, year, edition, pages
IEEE , 2012, 20.
DMA, virtualization, security, embedded systems, direct memory access, formal verification
Computer and Information Science
IdentifiersURN: urn:nbn:se:ri:diva-24036DOI: 10.1109/CompEng.2012.6242958ISBN: 978-1-4673-1615-6ISBN: 978-1-4673-1615-6OAI: oai:DiVA.org:ri-24036DiVA: diva2:1043115
ISBN: 978-1-4673-1614-9. Copyright 2012 IEEE. Published in the Proceedings of the 2nd IEEE International Conference on Complexity in Engineering, June 11-13, 2012, Aachen, Germany. DOI: 10.1109/CompEng.2012.6242958. Obtainable from http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6242958. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works.2016-10-312016-10-31