
Practical Security Properties on Commodity Computing Platforms
Description
uberXMHF strives to be a comprehensible, practical and flexible platform for performing micro-hypervisor research and development. uberXMHF encapsulates common hypervisor core functionality in a framework that allows developers and users to build custom micro-hypervisor based (security-sensitive) applications (called "uberapps"). The authors describe several uberapps that employ uberXMHF and showcase the framework's efficacy and versatility. These uberapps span a wide spectrum of security applications including application compartmentalization and sandboxing, attestation, approved code execution, key management, tracing, verifiable resource accounting, trusted-path and on-demand I/O isolation.
The authors are encouraged by the end result - a clean, barebones, low trusted computing base micro-hypervisor framework for commodity platforms with desirable performance characteristics and an architecture amenable to manual audits and/or formal reasoning. Active, open-source development of uberXMHF continues.
The primary audience for this SpringerBrief is system (security) researchers and developers of commodity system software. Practitioners working in system security deployment mechanisms within industry and defense, as well as advanced-level students studying computer science with an interest in security will also want to read this SpringerBrief.

Person
He received his Ph.D. and M.S. degrees from the Computer Science Department at UT Arlington and spent three years as a Post-doctoral fellow at CyLab, Carnegie Mellon University. Before that, he obtained his B.E. from the Computer Science Department at the BMS College of Engineering, Bangalore, India.
Content
- Intro
- Foreword
- Preface
- Book Contents and Structure
- Availability
- Acknowledgments
- Copyright
- Contents
- Acronyms
- Micro-Hypervisors: What? Why?
- 1 Introduction
- 2 Operating System (OS) Kernel Architectures
- 3 Micro-Kernel Architectures
- 4 Hybrid-Kernel Architectures
- 5 Hypervisor Architectures
- 6 Micro-Hypervisor Architecture
- 7 Qualitative Comparative Analysis
- References
- Integrity-Protected Micro-Hypervisor on x86 and ARM Hardware Virtualized Platforms
- 1 Introduction
- 2 Elements of x86 Hardware Virtualization
- 2.1 Overview
- 2.2 Hardware Elements
- 2.2.1 Northbridge
- 2.2.2 Southbridge
- 2.3 Software Elements
- 2.3.1 BIOS/UEFI
- 2.3.2 Option ROMs
- 2.3.3 Power Management Scripts
- 2.3.4 Other Code
- 3 Elements of ARM Hardware Virtualization and Security
- 3.1 Split-World-Based Isolated Execution
- 3.1.1 Memory Isolation
- 3.1.2 Peripheral Isolation
- 3.1.3 DMA Protection
- 3.1.4 Hardware Interrupt Isolation
- 3.2 Virtualization-based Isolated Execution
- 3.2.1 ARM Cortex-A15
- 3.2.2 ARMv7 Virtualization Extensions
- 4 Integrity-Protected Hypervisor
- 4.1 Startup Rules
- 4.2 Runtime Rules
- 4.3 Design Rule
- References
- The Uber eXtensible Micro-Hypervisor Framework (uberXMHF)
- 1 Introduction
- 2 Goals, Properties, and Assumptions
- 2.1 Goals
- 2.1.1 Commodity Compatibility and Unfettered Development
- 2.1.2 Performance
- 2.1.3 Low TCB and Low Complexity
- 2.2 System Properties and Applications
- 2.3 Non-goals
- 2.4 Attacker Model and Assumptions
- 3 Design
- 3.1 "Rich" Single-Guest Execution Model
- 3.1.1 Dramatically Reduced Hypervisor Complexity and Consequently TCB
- 3.1.2 Narrow Attacker Interface
- 3.1.3 Near-Native Guest Performance
- 3.2 Architecture Overview
- 3.3 µHV Core and Uberguest
- 3.4 Uberguest Isolation
- 3.4.1 µHV Core Peripheral and Interrupt Partitioning
- 3.5 Uberapps and Uberapp Interactions
- 3.6 Attested Measurements
- 3.7 Protections via Trap-Inspect-Forward
- 3.7.1 DMA Protection
- 3.7.2 Interrupt Protection
- 3.8 Secure Boot
- 3.8.1 Secure Boot via Dynamic Root-of-Trust
- 3.8.2 Secure Boot via Static Root-of-Trust
- 4 uberXMHF Lifecycle
- 4.1 Installation
- 4.2 Startup and Recovery
- 4.3 uberXMHF Distributor
- 4.4 Updates
- 5 uberXMHF Implementation on x86 Platforms
- 5.1 Rich-Guest Execution Model
- 5.1.1 Multi-Core Guest Boot-Up
- 5.1.2 Core Quiescing
- 5.1.3 Rich-Guest Memory Reporting
- 5.2 µHV Core and Uberguest
- 5.3 Uberguest Isolation
- 5.3.1 Memory Isolation
- 5.3.2 Runtime DMA Protection
- 5.3.3 µHV Core Peripheral and Interrupt Partitioning
- 5.4 Uberapps and Uberapp Interactions
- 5.4.1 Synchronous Uberapp Interactions
- 5.4.2 Asynchronous Uberapp Interactions
- 5.4.3 Uberapp API
- 5.5 Attested Measurements
- 5.6 Protections via Trap-Inspect-Forward
- 5.6.1 Access-Control for Critical System Devices
- 5.6.2 TPM Sharing
- 5.7 Secure Boot
- 6 uberXMHF Implementation on ARM Platforms
- 6.1 Raspberry PI Platform Overview
- 6.2 Rich-Guest Execution Model
- 6.2.1 Uberguest Memory Reporting
- 6.2.2 Multi-Core Guest Boot-Up
- 6.3 µHV Core and Uberguest
- 6.4 Uberguest Isolation
- 6.4.1 Uberguest Memory Isolation
- 6.4.2 µHV Core Peripheral and Interrupt Partitioning
- 6.5 Uberapps and Uberapp Interactions
- 6.5.1 Synchronous Uberapp Interactions
- 6.5.2 Asynchronous Uberapp Interactions
- 6.6 Attested Measurements
- 6.7 Protections via Trap-Inspect-Forward
- 6.7.1 DMA Protection
- 6.7.2 Interrupt Protection
- 6.8 Secure Boot
- 7 Evaluation
- 7.1 Trusted Computing Base (TCB)
- 7.2 uberXMHF Security Analysis
- 8 Summary
- 9 Availability
- References
- Micro-Hypervisor Applications
- 1 Introduction
- 2 Red-Green Compartmentalization
- 3 Efficient Attestation
- 4 Approved Execution
- 5 Key Management
- 6 Verifiable Resource Accounting
- 7 Application Sandboxing
- 8 Trusted Path
- 9 On-Demand I/O Isolation
- 10 Execution Tracing
- References
System requirements
File format: PDF
Copy protection: Watermark-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use the free software Adobe Reader, Adobe Digital Editions, or any other PDF viewer of your choice (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or another reading app for eBooks, e.g., PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Watermark-DRM, a "soft" copy protection. This means that there are no technical restrictions to prevent illegal distribution. However, there is a personalised watermark embedded in the eBook that can be used to identify the purchaser of the eBook in the event of misuse and to provide evidence for legal purposes.
For more information, see our eBook Help page.