Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Secure Containers. Jan 2015 www.imgtec.com. Imagination Technologies HGI Dec, 2014 p1"

Transcription

1 Secure Containers Jan Imagination Technologies HGI Dec, 2014 p1

2 What are we protecting? Sensitive assets belonging to the user and the service provider Network Monitor unauthorized access, misuse, modification, or denial of a network-accessible resources Application Operating System Platform Original manufacturer; anti-cloning Application / OS Platform Authenticity Runtime Integrity Data Extranet Data Intranet Secret key, digital certificates Attack Surface Area control execution, view, copy, print, and altering Imagination Technologies HGI Dec, 2014 p2

3 Platform Security Open Everything, Smart Everything, Internet of Everything Problem Mobile Devices, Home Gateways, in vehicle infotainments, etc, increasing require security Solutions Trusted Execution Environment (TEE) Secure Element (SE) Trusted Platform Module (TPM) Implementation Closed proprietary by SoC manufacturer Two World (Secure and Normal) Secure Hypervisor Imagination Technologies HGI Dec, 2014 p3

4 Security Implementation Next generation platforms demand multiple secure data-flows User Space H/W + TPM Layered Two Worlds Normal World Secure World Platform Virtualization VM 0 TEE VM n Hypervisor Reduced Attack Surface Area Single Client Customized Security at a cost Inflexible Proprietary Security schemes Single Client Single TEE Secure Apps coexist in Secure World Restricted scalability in multi-core Multi-Client Multiple TEEs All Secure Apps in own VM Fully scalable in multi-core Imagination Technologies HGI Dec, 2014 p4

5 Scalable Security- Hardware Virtualization Secure Root is the secure hypervisor/kernel access-rights controlled by Root Scalable Supports many s (CPU & GPU pairs) SoC virtualization support Virtualized GIC (interrupt controller) and IOMMU Bus transactions to other IP include ID Benefits Ease of use - no modification required to OS Reliability corrupted/crashed OS1 cannot affect OS2 Performance intelligent resource allocation Heterogeneous GPU operation Secure/non-Secure OS/Apps App App App App OS1 OS2 App Hypervisor/Secure Kernel MIPS core H/W supported Virtualization s -ID Root TPM Boot ROM Imagination Technologies HGI Dec, 2014 p5

6 True Isolation Benefits Secure Extranet TEE Secure Intranet Mature, proven technology used in networking and Compute H/W Firewall high level of security OpenWRT Secure App s Crypto 3 rd Party Containers Secure services can only affect their container Not the overall system Highest flexibility and performance Multiple Secure Domains IP protection provided through system partitioning Software Hardware Secure OS IPC Hypervisor MIPS, PowerVR Heterogeneous Platform Offloads Secure Boot DRAM WAN LAN Imagination Technologies HGI Dec, 2014 p6

7 True Isolation Benefits Secure Extranet TEE Secure Intranet Mature, proven technology used in networking and Compute H/W Firewall high level of security OpenWRT Secure App s Crypto 3 rd Party Containers Secure services can only affect their container Not the overall system Highest flexibility and performance Multiple Secure Domains IP protection provided through system partitioning Software Hardware Secure OS IPC Hypervisor MIPS, PowerVR Heterogeneous Platform Offloads Secure Boot DRAM WAN LAN Imagination Technologies HGI Dec, 2014 p7

8 True Isolation Benefits Secure Extranet TEE Secure Intranet Mature, proven technology used in networking and Compute H/W Firewall high level of security Broadband App s Secure App s Crypto LAN App s Secure services can only affect their container Not the overall system Highest flexibility and performance Multiple Secure Domains IP protection provided through system partitioning Software Hardware Secure OS IPC Hypervisor MIPS, PowerVR Heterogeneous Platform Offloads Secure Boot DRAM WAN LAN Imagination Technologies HGI Dec, 2014 p8

9 Security no longer a CPU bound problem Secure Containers - Isolate concurrent flows Licensing Terms and IP Separation Partitioning of incompatible licensing terms Proprietary vs open source Security and Robustness Isolate critical software Reduction in application testing and certification S/W H/W VMn User Kernel VM3 User Kernel CPU Cluster VM2 User Kernel User Kernel Secure Hypervisor MMU Coherent Fabric SoC VM1 Network layers Offloads (Crypto, IP, etc) I/O vgpu 1 GPU Cluster MMU vgpu 2 Increase Privilege Memory Memory X Secure Domains Protected Partitions Imagination Technologies HGI Dec, 2014 p9 X TPM Boot ROM

10 Summary Virtualization is indispensable to the future of embedded system design A secure Hypervisor is the foundation of a Secure and Reliable embedded system A virtualized environment offers flexible software management Virtualization provides Hardware firewall-grade security Scalability Reliability Total cost of ownership is dramatically reduced MIPS Virtualization is the right technology for the secure digital world Imagination Technologies HGI Dec, 2014 p10

11 Thank you Imagination Technologies HGI Dec, 2014 p11

The MIPS architecture and virtualization

The MIPS architecture and virtualization The MIPS architecture and virtualization Simply put, virtualization makes one physical device appear as one or more virtual devices. Virtualization can be implemented at the processor level (e.g. CPU or

More information

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Howard Williams mentor.com/embedded Internet-of-Things Trends The world is more connected IoT devices are smarter and more complex

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

Sierraware Overview. Simply Secure

Sierraware Overview. Simply Secure Sierraware Overview Simply Secure Sierraware Software Suite SierraTEE/Micro Kernel TrustZone/GlobalPlatform TEE SierraVisor: Bare Metal Hypervisor Hypervisor for ARM Para-virtualization, TrustZone Virtualization,

More information

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014) Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation

More information

Hardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect

Hardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Hardware Based Virtualization Technologies Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Outline What is Virtualization? Evolution of Virtualization AMD Virtualization AMD s IO Virtualization

More information

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to

Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to Hanspeter Vogel Triadem Solutions AG Real-Time Systems GmbH Gartenstrasse 33 D-88212 Ravensburg Germany

More information

A Scalable VISC Processor Platform for Modern Client and Cloud Workloads

A Scalable VISC Processor Platform for Modern Client and Cloud Workloads A Scalable VISC Processor Platform for Modern Client and Cloud Workloads Mohammad Abdallah Founder, President and CTO Soft Machines Linley Processor Conference October 7, 2015 Agenda Soft Machines Background

More information

Embedded Java & Secure Element for high security in IoT systems

Embedded Java & Secure Element for high security in IoT systems Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product

More information

Hardware accelerated Virtualization in the ARM Cortex Processors

Hardware accelerated Virtualization in the ARM Cortex Processors Hardware accelerated Virtualization in the ARM Cortex Processors John Goodacre Director, Program Management ARM Processor Division ARM Ltd. Cambridge UK 2nd November 2010 Sponsored by: & & New Capabilities

More information

Intel Virtualization Technology (VT) in Converged Application Platforms

Intel Virtualization Technology (VT) in Converged Application Platforms Intel Virtualization Technology (VT) in Converged Application Platforms Enabling Improved Utilization, Change Management, and Cost Reduction through Hardware Assisted Virtualization White Paper January

More information

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

Microkernels, virtualization, exokernels. Tutorial 1 CSC469 Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,

More information

Full and Para Virtualization

Full and Para Virtualization Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels

More information

NoHype: Virtualized Cloud Infrastructure without the Virtualization

NoHype: Virtualized Cloud Infrastructure without the Virtualization NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee Princeton University ISCA 2010 Virtualized Cloud Infrastructure Run virtual machines

More information

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution

More information

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE MODULE 3 VIRTUALIZED DATA CENTER COMPUTE Module 3: Virtualized Data Center Compute Upon completion of this module, you should be able to: Describe compute virtualization Discuss the compute virtualization

More information

IoT: Smart Vision Leads The Way

IoT: Smart Vision Leads The Way IoT: Smart Vision Leads The Way Peter McGuinness Multimedia Technology Marketing www.imgtec.com IoT is changing from amorphous to concrete: Imagination Technologies US Summit May 2015 2 IoT is changing

More information

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow

PikeOS: Multi-Core RTOS for IMA. Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow PikeOS: Multi-Core RTOS for IMA Dr. Sergey Tverdyshev SYSGO AG 29.10.2012, Moscow Contents Multi Core Overview Hardware Considerations Multi Core Software Design Certification Consideratins PikeOS Multi-Core

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

Virtualization. Michael Tsai 2015/06/08

Virtualization. Michael Tsai 2015/06/08 Virtualization Michael Tsai 2015/06/08 What is virtualization? Let s first look at a video from VMware http://bcove.me/x9zhalcl Problems? Low utilization Different needs DNS DHCP Web mail 5% 5% 15% 8%

More information

Next Generation Operating Systems

Next Generation Operating Systems Next Generation Operating Systems Zeljko Susnjar, Cisco CTG June 2015 The end of CPU scaling Future computing challenges Power efficiency Performance == parallelism Cisco Confidential 2 Paradox of the

More information

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions September 2013 Silicon Support & Professional Eng. Services Customer Experience Freescale Provided SW & Solutions Provide Valued Software, Support & Professional Engineering Services, Competitively 2 Customer

More information

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor? Mr. Jacob Torrey February 26, 2014 Dartmouth College 153 Brooks Road, Rome, NY 315.336.3306 http://ainfosec.com @JacobTorrey

More information

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits: Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D. Chisnall The definitive guide to Xen Hypervisor G. Kesden Lect. 25 CS 15-440 G. Heiser UNSW/NICTA/OKL Virtualization is a technique

More information

Virtual Machine Security

Virtual Machine Security Virtual Machine Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ 1 Operating System Quandary Q: What is the primary goal

More information

Virtualization. Pradipta De pradipta.de@sunykorea.ac.kr

Virtualization. Pradipta De pradipta.de@sunykorea.ac.kr Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation

More information

Security 4.0 - Security by Separation

Security 4.0 - Security by Separation Security 4.0 - Security by Separation Making Industrial Control Systems More Secure Author(s): Date: Version Mehmet Özer 19.05.2015 v1.0 SYSGO AG 1 Agenda Security Challenges IoT Architecture for Industrial

More information

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics. Qin Yin Fall Semester 2013 Network Virtualization and Data Center Networks 263-3825-00 Data Center Virtualization - Basics Qin Yin Fall Semester 2013 1 Walmart s Data Center 2 Amadeus Data Center 3 Google s Data Center 4 Data Center

More information

Above the clouds: A Berkeley View of Cloud Computing

Above the clouds: A Berkeley View of Cloud Computing Partial Review-2 On the paper Above the clouds: A Berkeley View of Cloud Computing By Nikhil Ramteke Sr. No.- 07125 6. Cloud Computing Economics Observation in Cloud Economics mainly concerns with following

More information

Smartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved

Smartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually

More information

Multi-core Programming System Overview

Multi-core Programming System Overview Multi-core Programming System Overview Based on slides from Intel Software College and Multi-Core Programming increasing performance through software multi-threading by Shameem Akhter and Jason Roberts,

More information

Leveraging Thin Hypervisors for Security on Embedded Systems

Leveraging Thin Hypervisors for Security on Embedded Systems Leveraging Thin Hypervisors for Security on Embedded Systems Christian Gehrmann A part of Swedish ICT What is virtualization? Separation of a resource or request for a service from the underlying physical

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

Enabling Technologies for Distributed Computing

Enabling Technologies for Distributed Computing Enabling Technologies for Distributed Computing Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF Multi-core CPUs and Multithreading Technologies

More information

Virtual Hosting & Virtual Machines

Virtual Hosting & Virtual Machines & Virtual Machines Coleman Kane Coleman.Kane@ge.com September 2, 2014 Cyber Defense Overview / Machines 1 / 17 Similar to the network partitioning schemes described previously, there exist a menu of options

More information

Virtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361

Virtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 s COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 1 Virtualization! Create illusion of multiple machines on the same physical hardware! Single computer hosts multiple virtual machines

More information

ADM5120 HOME GATEWAY CONTROLLER. Product Notes

ADM5120 HOME GATEWAY CONTROLLER. Product Notes HOME GATEWAY CONTROLLER Product Notes ADMtek.com.tw Information in this document is provided in connection with ADMtek products. ADMtek may make changes to specifications and product descriptions at any

More information

Virtual Machines. Virtualization

Virtual Machines. Virtualization Virtual Machines Marie Roch Tanenbaum 8.3 contains slides from: Tanenbaum 3 rd ed. 2008 1 Virtualization Started with the IBM System/360 in the 1960s Basic concept simulate multiple copies of the underlying

More information

Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation

Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation Embedded Virtualization & Cyber Security for Industrial Automation HyperSecured PC-based Control and Operation Industrial controllers and HMIs today mostly lack protective functions for their IT and network

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Attacking Hypervisors via Firmware and Hardware

Attacking Hypervisors via Firmware and Hardware Attacking Hypervisors via Firmware and Hardware Alex Matrosov (@matrosov), Mikhail Gorobets, Oleksandr Bazhaniuk (@ABazhaniuk), Andrew Furtak, Yuriy Bulygin (@c7zero) Advanced Threat Research Agenda Hypervisor

More information

Windows Server Virtualization & The Windows Hypervisor

Windows Server Virtualization & The Windows Hypervisor Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick

More information

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University Virtual Machine Monitors Dr. Marc E. Fiuczynski Research Scholar Princeton University Introduction Have been around since 1960 s on mainframes used for multitasking Good example VM/370 Have resurfaced

More information

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures

More information

Virtualization benefits Introduction to XenSource How Xen is changing virtualization The Xen hypervisor architecture Xen paravirtualization

Virtualization benefits Introduction to XenSource How Xen is changing virtualization The Xen hypervisor architecture Xen paravirtualization www.xensource.com Virtualization benefits Introduction to XenSource How Xen is changing virtualization The Xen hypervisor architecture Xen paravirtualization Interoperable virtualization The XenEnterprise*

More information

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum Republic Polytechnic School of Information and Communications Technology C6 Operating System Concepts Module Curriculum Module Description: This module examines the fundamental components of single computer

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization

More information

Hitachi Virtage Embedded Virtualization Hitachi BladeSymphony 10U

Hitachi Virtage Embedded Virtualization Hitachi BladeSymphony 10U Hitachi Virtage Embedded Virtualization Hitachi BladeSymphony 10U Datasheet Brings the performance and reliability of mainframe virtualization to blade computing BladeSymphony is the first true enterprise-class

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

AppliedMicro Trusted Management Module

AppliedMicro Trusted Management Module AppliedMicro Trusted Management Module Majid Bemanian, Sr. Director of Marketing, Applied Micro Processor Business Unit July 12, 2011 Celebrating 20 th Anniversary of Power Architecture 1 AppliedMicro

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers

CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture 4 Virtualization of Clusters and Data Centers Text Book: Distributed and Cloud Computing, by K. Hwang, G C. Fox, and J.J. Dongarra,

More information

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS

GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS Embedded Systems White Paper GETTING STARTED WITH ANDROID DEVELOPMENT FOR EMBEDDED SYSTEMS September 2009 ABSTRACT Android is an open source platform built by Google that includes an operating system,

More information

High Performance or Cycle Accuracy?

High Performance or Cycle Accuracy? CHIP DESIGN High Performance or Cycle Accuracy? You can have both! Bill Neifert, Carbon Design Systems Rob Kaye, ARM ATC-100 AGENDA Modelling 101 & Programmer s View (PV) Models Cycle Accurate Models Bringing

More information

From Ethernet Ubiquity to Ethernet Convergence: The Emergence of the Converged Network Interface Controller

From Ethernet Ubiquity to Ethernet Convergence: The Emergence of the Converged Network Interface Controller White Paper From Ethernet Ubiquity to Ethernet Convergence: The Emergence of the Converged Network Interface Controller The focus of this paper is on the emergence of the converged network interface controller

More information

Hardware/microprocessor Run- time executive (real- time OS, hypervisor, etc.) Web messaging infrastructure

Hardware/microprocessor Run- time executive (real- time OS, hypervisor, etc.) Web messaging infrastructure Firmware Strategy for the Internet of Cars David Kleidermacher, CTO Green Hills Software The Internet of Things (IoT) trend can be defined as the rapid assimilation of the world s objects (anything that

More information

Enabling Technologies for Distributed and Cloud Computing

Enabling Technologies for Distributed and Cloud Computing Enabling Technologies for Distributed and Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Multi-core CPUs and Multithreading

More information

New Methodologies in Smart Card Security Design. Y.GRESSUS Methodology and Secure ASIC development manager, Bull CP8

New Methodologies in Smart Card Security Design. Y.GRESSUS Methodology and Secure ASIC development manager, Bull CP8 New Methodologies in Smart Card Security Design Y.GRESSUS Methodology and Secure ASIC development manager, Bull CP8 Japan Security Conference Page 2 Trends Opportunities New methodologies Summary Concurrent

More information

Proposal for Virtual Private Server Provisioning

Proposal for Virtual Private Server Provisioning Interpole Solutions 1050, Sadguru Darshan, New Prabhadevi Road, Mumbai - 400 025 Tel: 91-22-24364111, 24364112 Email : response@interpole.net Website: www.interpole.net Proposal for Virtual Private Server

More information

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded

More information

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:

Uses for Virtual Machines. Virtual Machines. There are several uses for virtual machines: Virtual Machines Uses for Virtual Machines Virtual machine technology, often just called virtualization, makes one computer behave as several computers by sharing the resources of a single computer between

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The

More information

The Xen of Virtualization

The Xen of Virtualization The Xen of Virtualization Assignment for CLC-MIRI Amin Khan Universitat Politècnica de Catalunya March 4, 2013 Amin Khan (UPC) Xen Hypervisor March 4, 2013 1 / 19 Outline 1 Introduction 2 Architecture

More information

ARM TrustZone and KVM Coexistence with RTOS For Automotive

ARM TrustZone and KVM Coexistence with RTOS For Automotive ARM TrustZone and KVM Coexistence with RTOS For Automotive Michele Paolino m.paolino@virtualopensystems.com Automotive-grade Linux Summit, 2015-06-01, Tokyo, Japan Authorship and sponsorship Michele Paolino,

More information

Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator

Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator Confidentio Integrated security processing unit Including key management module, encryption engine and random number generator Secure your digital life Confidentio : An integrated security processing unit

More information

Commercially Proven Trusted Computing Solutions RSA 2010

Commercially Proven Trusted Computing Solutions RSA 2010 Commercially Proven Trusted Computing Solutions RSA 2010 Hardware Self-Encrypting Drives (SEDs) Unique Security Features Encryption below the file system Hardware root-of-trust for encryption Tamper resistant

More information

Virtual Machine in Data Center Switches Huawei Virtual System

Virtual Machine in Data Center Switches Huawei Virtual System Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From

More information

COS 318: Operating Systems. Virtual Machine Monitors

COS 318: Operating Systems. Virtual Machine Monitors COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have

More information

LinuxCon/CloudOpen 2015

LinuxCon/CloudOpen 2015 LinuxCon/CloudOpen 2015 The Bare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org @RCPavlicek About the Old, Fat Geek Up Front Linux

More information

Delivering Unprecedented Innovation to Create Flexible Virtual Environments

Delivering Unprecedented Innovation to Create Flexible Virtual Environments Delivering Unprecedented Innovation to Create Flexible Virtual Environments Cisco and Vmware Virtualizing the Data Center Maximize IT Productivity while Lowering Capital and Operating Costs 2010 Cisco

More information

Tim Tharratt, Technical Design Lead Neil Burton, Citrix Consultant

Tim Tharratt, Technical Design Lead Neil Burton, Citrix Consultant Tim Tharratt, Technical Design Lead Neil Burton, Citrix Consultant Replacement solution for aging heritage branch infrastructures (Co-op and Britannia) New unified app delivery platform for the bank to

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

EECatalog SPECIAL FEATURE

EECatalog SPECIAL FEATURE Type Zero Hypervisor the New Frontier in Embedded Virtualization The hypervisor s full control over the hardware platform and ability to virtualize hardware platforms are beneficial in environments that

More information

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY Dr. Gregg Wildes DornerWorks www.dornerworks.com Embedded Systems Engineering for Security and Safety-Critical Systems Where Hardware

More information

Broadcom Ethernet Network Controller Enhanced Virtualization Functionality

Broadcom Ethernet Network Controller Enhanced Virtualization Functionality White Paper Broadcom Ethernet Network Controller Enhanced Virtualization Functionality Advancements in VMware virtualization technology coupled with the increasing processing capability of hardware platforms

More information

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology Reduce I/O cost and power by 40 50% Reduce I/O real estate needs in blade servers through consolidation Maintain

More information

Secure data processing: Blind Hypervision

Secure data processing: Blind Hypervision Secure data processing: Blind Hypervision P. Dubrulle, R. Sirdey, E. Ohayon, P. Dore and M. Aichouch CEA LIST Contact : paul.dubrulle@cea.fr www.cea.fr Cliquez pour modifier le style Introduction titre

More information

Basics of Virtualisation

Basics of Virtualisation Basics of Virtualisation Volker Büge Institut für Experimentelle Kernphysik Universität Karlsruhe Die Kooperation von The x86 Architecture Why do we need virtualisation? x86 based operating systems are

More information

Compromise-as-a-Service

Compromise-as-a-Service ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg 3/31/14 Compromise-as-a-Service Our PleAZURE Felix Wilhelm & Matthias Luft {fwilhelm, mluft}@ernw.de ERNW GmbH Carl-Bosch-Str. 4 D-69115 Heidelberg Agenda

More information

Powered by Windows Server 2012

Powered by Windows Server 2012 Firewall Powered by Windows Server 2012 Desktop sessions Pooled VMs Personal VMs 1 platform 1 experience 3 deployment choices Corporate Office Branch Office Home Public Location Use a scale-out file server

More information

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction

More information

Knut Omang Ifi/Oracle 19 Oct, 2015

Knut Omang Ifi/Oracle 19 Oct, 2015 Software and hardware support for Network Virtualization Knut Omang Ifi/Oracle 19 Oct, 2015 Motivation Goal: Introduction to challenges in providing fast networking to virtual machines Prerequisites: What

More information

High-performance VoIP Traffic Optimizer Client Solution

High-performance VoIP Traffic Optimizer Client Solution AP-VTO200 VoIP Traffic Optimizer Client High-performance VoIP Traffic Optimizer Client Solution AddPac Technology 2014, Sales and Marketing www.addpac.com Contents Product Overview Benefits and Features

More information

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014 Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution

More information

Reviving smart card analysis

Reviving smart card analysis Reviving smart card analysis Christopher Tarnovsky Karsten Nohl chris@flylogic.net nohl@srlabs.de Executive summary Modern smart cards should be analyzed 1. Smart card chips provide the trust base for

More information

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:

More information

Parallels Virtuozzo Containers

Parallels Virtuozzo Containers Parallels Virtuozzo Containers White Paper Top Ten Considerations For Choosing A Server Virtualization Technology www.parallels.com Version 1.0 Table of Contents Introduction... 3 Technology Overview...

More information

Virtualization Technologies (ENCS 691K Chapter 3)

Virtualization Technologies (ENCS 691K Chapter 3) Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing

More information

Intel Graphics Virtualization Technology Update. Zhi Wang, zhi.a.wang@intel.com

Intel Graphics Virtualization Technology Update. Zhi Wang, zhi.a.wang@intel.com Intel Graphics Virtualization Technology Update Zhi Wang, zhi.a.wang@intel.com Agenda The History Intel Graphics Virtualization Technology Update New Usage Scenarios Upstream Status Summary 2 Intel GPU

More information

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Lecture 2 Cloud Computing & Virtualization Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu Outline Introduction to Virtualization The Major Approaches

More information

DATA CENTER VIRTUALIZATION AND ITS ECONOMIC IMPLICATIONS FOR THE COMPANIES

DATA CENTER VIRTUALIZATION AND ITS ECONOMIC IMPLICATIONS FOR THE COMPANIES Scientific Bulletin Economic Sciences, Vol. 8 (14) DATA CENTER VIRTUALIZATION AND ITS ECONOMIC IMPLICATIONS FOR THE COMPANIES Senior lect. Ph.D. Logica BĂNICĂ, Professor Ph.D. Mariana JURIAN, Assistant

More information

Chapter 14 Virtual Machines

Chapter 14 Virtual Machines Operating Systems: Internals and Design Principles Chapter 14 Virtual Machines Eighth Edition By William Stallings Virtual Machines (VM) Virtualization technology enables a single PC or server to simultaneously

More information

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC 1 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

More information

Beyond Virtualization: A Novel Software Architecture for Multi-Core SoCs. Jim Ready September 18, 2012

Beyond Virtualization: A Novel Software Architecture for Multi-Core SoCs. Jim Ready September 18, 2012 Beyond Virtualization: A Novel Software Architecture for Multi-Core SoCs Jim Ready September 18, 2012 How HW guys view the world SW Software HW How SW guys view the world SW HW Reality The SoC Software

More information

3.1 IaaS Definition. IaaS: Infrastructure as a Service

3.1 IaaS Definition. IaaS: Infrastructure as a Service 1 3.1 IaaS Definition IaaS: Infrastructure as a Service Through the internet, provide IT server, storage, computing power and other infrastructure capacity to the end users and the service fee based on

More information

The Review of Virtualization in an Isolated Computer Environment

The Review of Virtualization in an Isolated Computer Environment The Review of Virtualization in an Isolated Computer Environment Sunanda Assistant professor, Department of Computer Science & Engineering, Ludhiana College of Engineering & Technology, Ludhiana, Punjab,

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information