DeepAI
Log In Sign Up

Secure System Virtualization: End-to-End Verification of Memory Isolation

05/06/2020
by   Hamed Nemati, et al.
0

Over the last years, security kernels have played a promising role in reshaping the landscape of platform security on today's ubiquitous embedded devices. Security kernels, such as separation kernels, enable constructing high-assurance mixed-criticality execution platforms. They reduce the software portion of the system's trusted computing base to a thin layer, which enforces isolation between low- and high-criticality components. The reduced trusted computing base minimizes the system attack surface and facilitates the use of formal methods to ensure functional correctness and security of the kernel. In this thesis, we explore various aspects of building a provably secure separation kernel using virtualization technology. In particular, we examine techniques related to the appropriate management of the memory subsystem. Once these techniques were implemented and functionally verified, they provide reliable a foundation for application scenarios that require strong guarantees of isolation and facilitate formal reasoning about the system's overall security.

READ FULL TEXT
09/30/2022

Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing

Hardware enclaves rely on a disjoint memory model, which maps each physi...
11/03/2022

Verifying RISC-V Physical Memory Protection

We formally verify an open-source hardware implementation of physical me...
08/20/2019

MicroTEE: Designing TEE OS Based on the Microkernel Architecture

ARM TrustZone technology is widely used to provide Trusted Execution Env...
01/11/2023

From MMU to MPU: adaptation of the Pip kernel to constrained devices

This article presents a hardware-based memory isolation solution for con...
07/23/2019

Keystone: A Framework for Architecting TEEs

Trusted execution environments (TEEs) are becoming a requirement across ...
10/21/2021

A Fresh Look at the Architecture and Performance of Contemporary Isolation Platforms

With the ever-increasing pervasiveness of the cloud computing paradigm, ...
07/17/2017

Downgrade Attack on TrustZone

Security-critical tasks require proper isolation from untrusted software...