Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System
Number of Authors: 3
2014 (English) Conference paper (Refereed)
While security has become important in embedded systems, commodity operating systems often fail in effectively separating processes, mainly due to a too large trusted computing base. System virtualization can establish isolation already with a small code base, but many existing embedded CPU architectures have very limited virtualization hardware support, so that the performance impact is often non-negligible. Targeting both security and performance, we investigate an approach in which a few minor hardware additions together with virtualization offer protected execution in embedded systems while still allowing non-virtualized execution when secure services are not needed. Benchmarks of a prototype implementation on an emulated ARM Cortex A8 platform confirm that switching between those two execution forms can be done efficiently.
Place, publisher, year, edition, pages
2014, 8. 37-54 p.
Dual Mode Separation Soft Reboot Virtualization Hypervisor Embedded Systems Security
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-24327, OAI: oai:DiVA.org:ri-24327, DiVA: diva2:1043407
Trust & Trustworthy Computing (TRUST) 2014
This is the author version of the corresponding paper published in the proceedings of TRUST 2014 (editors: Thorsten Holz, Sotiris Ioannidis), Springer LNCS 8564. The publisher is Springer International Publishing Switzerland. The final publication is available at http://link.springer.com/10.1007/978-3-319-08593-7_3.
2016-10-31, 2016-10-31