Log In Sign Up

Secure System Virtualization: End-to-End Verification of Memory Isolation

by   Hamed Nemati, et al.

Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms. They reduce the software portion of the system's trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components. The reduced trusted computing base minimizes the system attack surface and facilitates the use of formal methods to ensure functional correctness and security of the kernel. In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. In particular, we examine techniques related to the appropriate management of the memory subsystem. Once these techniques were implemented and functionally verified, they provide reliable a foundation for application scenarios that require strong guarantees of isolation and facilitate formal reasoning about the system's overall security.


Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Hardware enclaves rely on a disjoint memory model, which maps each physi...

Verifying RISC-V Physical Memory Protection

We formally verify an open-source hardware implementation of physical me...

MicroTEE: Designing TEE OS Based on the Microkernel Architecture

ARM TrustZone technology is widely used to provide Trusted Execution Env...

From MMU to MPU: adaptation of the Pip kernel to constrained devices

This article presents a hardware-based memory isolation solution for con...

Keystone: A Framework for Architecting TEEs

Trusted execution environments (TEEs) are becoming a requirement across ...

A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

With the ever-increasing pervasiveness of the cloud computing paradigm, ...

Downgrade Attack on TrustZone

Security-critical tasks require proper isolation from untrusted software...