How To Build A Provably Secure Execution Platform For Embedded Systems
|
|
- Cuthbert King
- 3 years ago
- Views:
Transcription
1 Provably Secure Execution Platforms for Embedded Systems ---- The PROSPER Project Mads Dam KTH Royal Institute of Technology Programvara för konkurrenskraft, SSF, Vinnova, 10 Feb 2015
2 The Evolving Security Landscape Increasing attack surfaces Increasing aggregate value Increasing attack sophistication Increasing demand for strong security solutions Industrial pull for strong verification techniques Significant exploitation potential
3 It s the Execution Platform, Stupid! Processor hardware: a shared commodity - User, payment provider, media owner, platform provider, operating system, - All need private, tamperproof storage and cpu cycles - Without this, security will remain fragile Need trustworthy execution environments - Allow secure sharing of hardware - Memory isolation - Minimal - Open to scrutiny
4 Secure Virtualization Applications OS Applications Secure OS Hypervisor CPU
5 PROSPER Objectives Build the next-generation framework for fully verified, secure hypervisors for embedded systems Demonstrate utility using - Commodity hardware ARMv7/v8, MIPS, - Commodity software Linux, RTOS, Develop the required verification technology - Theory - Tools - For security formalization and analysis - For hypervisor development
6 Demonstrator: Provably Secure Kernel Updates in Linux on ARM Network driver Monitor Hypervisor Objective: Execute only signed programs
7 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed
8 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with
9 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with, AND Monitor is never tampered with
10 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed, AND Hypervisor is never tampered with, AND Monitor is never tampered with, AND No memory page is ever simultaneously write and execute enabled,
11 What Does This Give Us? Theorem: Assume: 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed This is a big deal!
12 Theorem: Assume: What Does This Give Us? 1. The processor model is correct. 2. The hypervisor is securely initialized. 3. The initial Linux image is signed. Then: Only signed code is ever executed This is a big deal! Theorem about security inside COTS OS No Linux bug can cause unsigned code to be executed Use to bootstrap many provably secure services
13 How Do We Do This? Theorem proving + binary verification Formal processor ISA specification - Including memory management unit - Large task Top level security specification: Processor + idealized MMU behaviour Low level implementation Proof of equivalence Repeat as needed
14 PROSPER Results So Far Hypervisor #1: Separation kernel for ARMv7 Fully verified at assembly level Papers in CCS 13, CPP 13, TrustED 13 Hypervisor #2: Linux-on-ARM hypervisor Partially verified at assembly level Papers in CCS 14, Sofsem 15 Lots of auxiliary theory and tools
15 PROSPER Results To Come Hypervisor #3: Linux-on-ARM hypervisor for 64 bit ARMv8 Much more complex hardware: - Multicore essential - Virtualization support To do: ISA-level multicore model + validation Processor architecture analysis tool Verification support for concurrent machine code Hypervisor design and analysis
16 Spin-offs and Collaborations Vinnova UDI project HASPOC w. Ericsson, Sectra, T2Data, Tutus, Atsec, SICS, KTH 1 patent application 2 PhD s completed Open source hypervisor release SICS project with Ericsson Research EU FP7 project UaESMC, KTH MONITOR project KTH-Ericsson HOL4 Cambridge team (Fox, Myreen) TU-Berlin and DT Labs (Seifert) INRIA/IRISA/DGA Rennes...
17 Team At KTH: Mads Dam, Prof, PI Roberto Guanciale, postdoc Christoph Baumann, postdoc Hamed Nemati, PhD student MSc students (Andreas Lundblad, PhD) (Gurvan le Guernic, postdoc) (Narges Khakpour, postdoc) (Musard Balliu, PhD) At SICS: Christian Gehrmann, PhD, co-pi Arash Vahidi, PhD Oliver Schwarz, PhD student Viktor Do, researcher MSc students
18 Main Publications Schwarz, Gehrmann, Securing DMA through Virtualization, IEEE Workshop on Complexity in Engineering, June 2012, Aachen, Germany. Balliu, Dam, Le Guernic. ENCOVER: Symbolic Exploration for Information Flow Security. In Proc. CSF '12. Dam, Lundblad, le Guernic: TreeDroid: a tree automaton based approach to enforcing data processing policies", Proc. CCS'12 Vahidi, Jämthagen, "Secure RPC in embedded systems - Evaluation of some GlobalPlatform implementation alternatives, 8th Workshop on Embedded Systems Security, 2013 Dam, Guanciale, Khakpour, Nemati, Schwarz, "Formal Verification of Information Flow Security for a Simple ARM-Based Separation Kernel", CCS 13 Khakpour, Schwarz, Dam, "Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties", Proc CPP 13 Dam, Guanciale, Nemati, Machine code verification of a tiny ARM hypervisor, in Proc. TrustED 13 Lundblad, Inlined reference monitors: Certification, concurrency, and tree based monitoring, PhD thesis, KTH, 2013 M. Balliu: A Logic for Information Flow Analysis of Distributed Programs. Proc. 18th Nordic Conference on Secure IT Systems, NordSec 2013, Ilulissat, Greenland, October 18-21, M. Dam, R. Guanciale, N. Khakpour "Method and Approach for Kernel Security Analysis," PCT pat. application no. PCT/EP2013/059602, 2013 O. Schwarz, C. Gehrmann, V. Do. Affordable Separation on Embedded Platforms: Soft Reboot Enabled Virtualization on a Dual Mode System, Proc. Trust 14, Balliu, Dam, Guanciale: Automating information flow analysis of low level code, CCS 14 Schwarz, Dam: Formal verification of secure user mode device execution with DMA, HVC 14 Nemati, Guanciale, Dam: Trustworthy isolation of the ARMv7 memory subsystem, Sofsem 15 Musard Balliu: Logics for information flow security: From specification to implementation, PhD thesis, KTH, 2014.
Research in Embedded Systems at the CSC School
Research in Embedded Systems at the CSC School Prof. Mads Dam Theoretical Computer Science School of Computer Science and Communication mfd@kth.se, tel.08-790 6229 CSC Departments CB Computational Biology
More informationLeveraging Thin Hypervisors for Security on Embedded Systems
Leveraging Thin Hypervisors for Security on Embedded Systems Christian Gehrmann A part of Swedish ICT What is virtualization? Separation of a resource or request for a service from the underlying physical
More informationB.Sc. in Computer Engineering, School of Electrical and Computer Engineering,
Narges Khakpour Postdoctoral Researcher Theoretical Computer Science School of Computer Science and Communication Royal Institute of Technology (KTH) Stockholm E-mail: nargeskh@kth.se Leiden Institute
More informationEmbedded Systems at the CSC School
Embedded Systems at the CSC School Prof. Mads Dam Theoretical Computer Science School of Computer Science and Communication mfd@kth.se, tel.08-790 6229 CSC Departments CB Computational Biology CVAP Computer
More informationFrontiers in Cyber Security: Beyond the OS
2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks
More informationVirtualization for Cloud Computing
Virtualization for Cloud Computing Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF CLOUD COMPUTING On demand provision of computational resources
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationVirtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to
Virtualization for Hard Real-Time Applications Partition where you can Virtualize where you have to Hanspeter Vogel Triadem Solutions AG Real-Time Systems GmbH Gartenstrasse 33 D-88212 Ravensburg Germany
More informationAnalysis of the Linux Audit System 1
Analysis of the Linux Audit System 1 Authors Bruno Morisson, MSc (Royal Holloway, 2014) Stephen Wolthusen, ISG, Royal Holloway Overview Audit mechanisms on an operating system (OS) record relevant system
More informationVirtualization for Future Internet
Virtualization for Future Internet 2010.02.23 Korea University Chuck Yoo (hxy@os.korea.ac.kr) Why Virtualization Internet today Pro and con Your wonderful research results Mostly with simulation Deployment
More informationFull and Para Virtualization
Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels
More informationCHAPTER 1 INTRODUCTION
1 CHAPTER 1 INTRODUCTION 1.1 MOTIVATION OF RESEARCH Multicore processors have two or more execution cores (processors) implemented on a single chip having their own set of execution and architectural recourses.
More informationVirtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)
Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014) ManolisMarazakis (maraz@ics.forth.gr) Institute of Computer Science (ICS) Foundation
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein INNOVATORS START HERE. EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly growing data
More informationDevelopment of Type-2 Hypervisor for MIPS64 Based Systems
Development of Type-2 Hypervisor for MIPS64 Based Systems High Performance Computing and Networking Lab Al-Khwarizmi Institute of Computer Science University of Engineering & Technology Lahore Pakistan
More informationHardware accelerated Virtualization in the ARM Cortex Processors
Hardware accelerated Virtualization in the ARM Cortex Processors John Goodacre Director, Program Management ARM Processor Division ARM Ltd. Cambridge UK 2nd November 2010 Sponsored by: & & New Capabilities
More informationIOMMU: A Detailed view
12/1/14 Security Level: Security Level: IOMMU: A Detailed view Anurup M. Sanil Kumar D. Nov, 2014 HUAWEI TECHNOLOGIES CO., LTD. Contents n IOMMU Introduction n IOMMU for ARM n Use cases n Software Architecture
More informationThe MIPS architecture and virtualization
The MIPS architecture and virtualization Simply put, virtualization makes one physical device appear as one or more virtual devices. Virtualization can be implemented at the processor level (e.g. CPU or
More informationDeeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC
Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC 1 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,
More informationInformal methods A personal search for practical alternatives to moral improvement through suffering in systems research
Informal methods A personal search for practical alternatives to moral improvement through suffering in systems research (lightning-talk version) Robert N. M. Watson University of Cambridge Computer Laboratory
More informationEmbedded Trusted Computing on ARM-based systems
1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate
More informationCarlos Villavieja, Nacho Navarro {cvillavi,nacho}@ac.upc.edu. Arati Baliga, Liviu Iftode {aratib,liviu}@cs.rutgers.edu
Continuous Monitoring using MultiCores Carlos Villavieja, Nacho Navarro {cvillavi,nacho}@ac.upc.edu Arati Baliga, Liviu Iftode {aratib,liviu}@cs.rutgers.edu Motivation Intrusion detection Intruder gets
More informationRackspace Cloud Databases and Container-based Virtualization
Rackspace Cloud Databases and Container-based Virtualization August 2012 J.R. Arredondo @jrarredondo Page 1 of 6 INTRODUCTION When Rackspace set out to build the Cloud Databases product, we asked many
More informationCSE597a - Cell Phone OS Security. Cellphone Hardware. William Enck Prof. Patrick McDaniel
CSE597a - Cell Phone OS Security Cellphone Hardware William Enck Prof. Patrick McDaniel CSE597a - Cellular Phone Operating Systems Security - Spring 2009 - Instructors McDaniel and Enck 1 2 Embedded Systems
More informationMulti-core Programming System Overview
Multi-core Programming System Overview Based on slides from Intel Software College and Multi-Core Programming increasing performance through software multi-threading by Shameem Akhter and Jason Roberts,
More informationMicrokernels, virtualization, exokernels. Tutorial 1 CSC469
Microkernels, virtualization, exokernels Tutorial 1 CSC469 Monolithic kernel vs Microkernel Monolithic OS kernel Application VFS System call User mode What was the main idea? What were the problems? IPC,
More informationPorting Linux to a Hypervisor Based Embedded System
IT 13 047 Examensarbete 30 hp Juni 2013 Porting Linux to a Hypervisor Based Embedded System G Hariprasad Institutionen för informationsteknologi Department of Information Technology Abstract Porting Linux
More informationOperating Systems 4 th Class
Operating Systems 4 th Class Lecture 1 Operating Systems Operating systems are essential part of any computer system. Therefore, a course in operating systems is an essential part of any computer science
More informationA hypervisor approach with real-time support to the MIPS M5150 processor
ISQED Wednesday March 4, 2015 Session 5B A hypervisor approach with real-time support to the MIPS M5150 processor Authors: Samir Zampiva (samir.zampiva@acad.pucrs.br) Carlos Moratelli (carlos.moratelli@pucrs.br)
More informationVerfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014
Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution
More informationAntonio Kung, Trialog. HIJA technical coordinator. Scott Hansen, The Open Group. HIJA coordinator
HIJA Antonio Kung, Trialog HIJA technical coordinator Scott Hansen, The Open Group HIJA coordinator 1 Presentation Outline HIJA project ANRTS platforms Requirements for ANRTS platforms Profiles based on
More informationFlight Processor Virtualization
National Aeronautics and Space Administration Flight Processor Virtualization Alan Cudmore / Code 582 9/11/2013 www.nasa.gov 1 Agenda Introduction to Virtualization Benefits of Virtualization for Satellite
More informationDeveloping software for Autonomous Vehicle Applications; a Look Into the Software Development Process
Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process By Andreas Lindenthal and Franz Walkembach, Wind River The concept of autonomous vehicles or unmanned
More informationVirtualization. Types of Interfaces
Virtualization Virtualization: extend or replace an existing interface to mimic the behavior of another system. Introduced in 1970s: run legacy software on newer mainframe hardware Handle platform diversity
More informationD5.6 Prototype demonstration of performance monitoring tools on a system with multiple ARM boards Version 1.0
D5.6 Prototype demonstration of performance monitoring tools on a system with multiple ARM boards Document Information Contract Number 288777 Project Website www.montblanc-project.eu Contractual Deadline
More informationHypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:
Hypervisors Credits: P. Chaganti Xen Virtualization A practical handbook D. Chisnall The definitive guide to Xen Hypervisor G. Kesden Lect. 25 CS 15-440 G. Heiser UNSW/NICTA/OKL Virtualization is a technique
More informationOUTILS DE DÉMONSTRATION
OUTILS DE DÉMONSTRATION AUTOMATIQUE ET PREUVE DE CIRCUITS ÉLECTRONIQUES Laurence Pierre Laboratoire TIMA, Grenoble PREAMBLE Design/validation of embedded applications: Design/validation for the system
More informationVirtualization of Wireless LAN Infrastructures
Virtualization of Wireless LAN Infrastructures IDAACS 2011 IEEE 6th International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications 15-17 September 2011,
More informationVirtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies
Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies Kurt Klemperer, Principal System Performance Engineer kklemperer@blackboard.com Agenda Session Length:
More informationprint close Building Blocks
print close Machine Design Kim Hartman Wed, 2015-07-15 11:23 Many OEMs strive to maximize plant productivity by allowing machines to perform multiple operations simultaneously. Some of these concurrent
More informationUses for Virtual Machines. Virtual Machines. There are several uses for virtual machines:
Virtual Machines Uses for Virtual Machines Virtual machine technology, often just called virtualization, makes one computer behave as several computers by sharing the resources of a single computer between
More informationVirtualization. Pradipta De pradipta.de@sunykorea.ac.kr
Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation
More informationChapter 5 Cloud Resource Virtualization
Chapter 5 Cloud Resource Virtualization Contents Virtualization. Layering and virtualization. Virtual machine monitor. Virtual machine. Performance and security isolation. Architectural support for virtualization.
More informationx86 ISA Modifications to support Virtual Machines
x86 ISA Modifications to support Virtual Machines Douglas Beal Ashish Kumar Gupta CSE 548 Project Outline of the talk Review of Virtual Machines What complicates Virtualization Technique for Virtualization
More informationJonathan C. Sevy. Software and Systems Engineering Experience
Jonathan C. Sevy jsevy@cs.drexel.edu http://gicl.cs.drexel.edu/people/sevy Software and Systems Engineering Experience Experienced in all phases of software development, including requirements, architecture
More informationIndustrial Application of MultiPARTES
Industrial Application of MultiPARTES January 21st, 2012 HiPEAC Workshop 2013 Integration of mixed-criticality subsystems on multi-core processors David Gonzalez (dgonzalez@ikerlan.es) 1 Definitions and
More informationCOS 318: Operating Systems. Virtual Machine Monitors
COS 318: Operating Systems Virtual Machine Monitors Kai Li and Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall13/cos318/ Introduction u Have
More informationHardware Based Virtualization Technologies. Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect
Hardware Based Virtualization Technologies Elsie Wahlig elsie.wahlig@amd.com Platform Software Architect Outline What is Virtualization? Evolution of Virtualization AMD Virtualization AMD s IO Virtualization
More informationHardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA)
Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems (DHOSA) Vikram Adve, Krste Asanović, David Evans, Sam King, Greg Morrisett, R. Sekar, Dawn Song, David Wagner (PI) http://www.dhosa.org/
More informationSystem Design Issues in Embedded Processing
System Design Issues in Embedded Processing 9/16/10 Jacob Borgeson 1 Agenda What does TI do? From MCU to MPU to DSP: What are some trends? Design Challenges Tools to Help 2 TI - the complete system The
More informationVirtual Machines. COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361
s COMP 3361: Operating Systems I Winter 2015 http://www.cs.du.edu/3361 1 Virtualization! Create illusion of multiple machines on the same physical hardware! Single computer hosts multiple virtual machines
More informationsel4: from Security to Safety Gernot Heiser, Anna Lyons NICTA and UNSW Australia
sel4: from Security to Safety Gernot Heiser, Anna Lyons NICTA and UNSW Australia 1 OS Trade-Offs Usability Minix Android Linux Trustworthiness Minix Android L4 sel4 Performance Linux L4 sel4 2015 Gernot
More informationApplying Multi-core and Virtualization to Industrial and Safety-Related Applications
White Paper Wind River Hypervisor and Operating Systems Intel Processors for Embedded Computing Applying Multi-core and Virtualization to Industrial and Safety-Related Applications Multi-core and virtualization
More informationMODULE 3 VIRTUALIZED DATA CENTER COMPUTE
MODULE 3 VIRTUALIZED DATA CENTER COMPUTE Module 3: Virtualized Data Center Compute Upon completion of this module, you should be able to: Describe compute virtualization Discuss the compute virtualization
More informationCOM 444 Cloud Computing
COM 444 Cloud Computing Lec 3: Virtual Machines and Virtualization of Clusters and Datacenters Prof. Dr. Halûk Gümüşkaya haluk.gumuskaya@gediz.edu.tr haluk@gumuskaya.com http://www.gumuskaya.com Virtual
More informationevm Virtualization Platform for Windows
B A C K G R O U N D E R evm Virtualization Platform for Windows Host your Embedded OS and Windows on a Single Hardware Platform using Intel Virtualization Technology April, 2008 TenAsys Corporation 1400
More informationVirtualization: Hypervisors for Embedded and Safe Systems. Hanspeter Vogel Triadem Solutions AG
1 Virtualization: Hypervisors for Embedded and Safe Systems Hanspeter Vogel Triadem Solutions AG 2 Agenda Use cases for virtualization Terminology Hypervisor Solutions Realtime System Hypervisor Features
More informationEIT ICT Labs MASTER SCHOOL. Specialisations
EIT ICT Labs MASTER SCHOOL Specialisations S&P EIT ICT Labs Master Programme Security & Privacy The Learning outcomes of this major are: Understanding the concepts and technologies for achieving confidentiality,
More informationComprehensive Security for Internet-of-Things Devices With ARM TrustZone
Comprehensive Security for Internet-of-Things Devices With ARM TrustZone Howard Williams mentor.com/embedded Internet-of-Things Trends The world is more connected IoT devices are smarter and more complex
More informationThe Freescale Embedded Hypervisor
November, 2010 The Freescale Embedded Hypervisor Jacques Landry Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, CoreNet, the Energy Efficient Solutions logo, Flexis, MXC, Platform in a Package, Processor Expert,
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationIntroduction to the NI Real-Time Hypervisor
Introduction to the NI Real-Time Hypervisor 1 Agenda 1) NI Real-Time Hypervisor overview 2) Basics of virtualization technology 3) Configuring and using Real-Time Hypervisor systems 4) Performance and
More informationParallels Virtuozzo Containers
Parallels Virtuozzo Containers White Paper Virtual Desktop Infrastructure www.parallels.com Version 1.0 Table of Contents Table of Contents... 2 Enterprise Desktop Computing Challenges... 3 What is Virtual
More informationKVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com
KVM: A Hypervisor for All Seasons Avi Kivity avi@qumranet.com November 2007 Virtualization Simulation of computer system in software Components Processor: register state, instructions, exceptions Memory
More informationChapter 1: Operating System Models 1 2 Operating System Models 2.1 Introduction Over the past several years, a number of trends affecting operating system design are witnessed and foremost among them is
More informationEIT ICT Labs MASTER SCHOOL S&P Programme Specialisations
EIT ICT Labs MASTER SCHOOL S&P Programme Specialisations S&P EIT ICT Labs Master Programme Security & Privacy The programme in Security and Privacy focuses on the study of the design, development and evaluation
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More information12/8/2010. Koen De Bosschere Ghent University Belgium JVM. Process. .NET Virtualization. Virtualization types. Xen. Paravirtualization.
Integrated : the silver bullet for future multi-core computing systems? Koen De Bosschere Ghent University Belgium Virtualization types JVM Process.NET Virtualization Xen Para System VMWare Full 1 Full
More informationOracle Database Scalability in VMware ESX VMware ESX 3.5
Performance Study Oracle Database Scalability in VMware ESX VMware ESX 3.5 Database applications running on individual physical servers represent a large consolidation opportunity. However enterprises
More informationCPET 581 Cloud Computing: Technologies and Enterprise IT Strategies. Virtualization of Clusters and Data Centers
CPET 581 Cloud Computing: Technologies and Enterprise IT Strategies Lecture 4 Virtualization of Clusters and Data Centers Text Book: Distributed and Cloud Computing, by K. Hwang, G C. Fox, and J.J. Dongarra,
More informationHypervisors and Virtual Machines
Hypervisors and Virtual Machines Implementation Insights on the x86 Architecture DON REVELLE Don is a performance engineer and Linux systems/kernel programmer, specializing in high-volume UNIX, Web, virtualization,
More informationVMware and CPU Virtualization Technology. Jack Lo Sr. Director, R&D
ware and CPU Virtualization Technology Jack Lo Sr. Director, R&D This presentation may contain ware confidential information. Copyright 2005 ware, Inc. All rights reserved. All other marks and names mentioned
More informationARM TrustZone and KVM Coexistence with RTOS For Automotive
ARM TrustZone and KVM Coexistence with RTOS For Automotive Michele Paolino m.paolino@virtualopensystems.com Automotive-grade Linux Summit, 2015-06-01, Tokyo, Japan Authorship and sponsorship Michele Paolino,
More informationEmbedded Software development Process and Tools: Lesson-1
Embedded Software development Process and Tools: Lesson-1 Introduction to Embedded Software Development Process and Tools 1 1. Development Process and Hardware Software 2 Development Process Consists of
More informationGoing Linux on Massive Multicore
Embedded Linux Conference Europe 2013 Going Linux on Massive Multicore Marta Rybczyńska 24th October, 2013 Agenda Architecture Linux Port Core Peripherals Debugging Summary and Future Plans 2 Agenda Architecture
More informationNext Generation Operating Systems
Next Generation Operating Systems Zeljko Susnjar, Cisco CTG June 2015 The end of CPU scaling Future computing challenges Power efficiency Performance == parallelism Cisco Confidential 2 Paradox of the
More informationBeyond Virtualization: A Novel Software Architecture for Multi-Core SoCs. Jim Ready September 18, 2012
Beyond Virtualization: A Novel Software Architecture for Multi-Core SoCs Jim Ready September 18, 2012 How HW guys view the world SW Software HW How SW guys view the world SW HW Reality The SoC Software
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationSecure Containers. Jan 2015 www.imgtec.com. Imagination Technologies HGI Dec, 2014 p1
Secure Containers Jan 2015 www.imgtec.com Imagination Technologies HGI Dec, 2014 p1 What are we protecting? Sensitive assets belonging to the user and the service provider Network Monitor unauthorized
More informationSierraVMI Sizing Guide
SierraVMI Sizing Guide July 2015 SierraVMI Sizing Guide This document provides guidelines for choosing the optimal server hardware to host the SierraVMI gateway and the Android application server. The
More informationHi and welcome to the Microsoft Virtual Academy and
Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering
More informationTopic 5a Operating System Fundamentals
Topic 5a Operating System Fundamentals What is an operating system? a computer is comprised of various types of software device drivers (storage, I/O, etc.) process and control software memory management
More informationEmbedded Systems Virtualization: The Next Challenge?
Science Highlights Embedded Systems Virtualization: The Next Challenge? Alexandra Aguiar, Fabiano Hessel Faculty of Informatics PUCRS Traditionally, virtualization has been adopted by enterprise industry
More informationWhen COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems. Chris Hobbs, Senior Developer, Safe Systems
When COTS is not SOUP Commercial Off-the-Shelf Software in Medical Systems Chris Hobbs, Senior Developer, Safe Systems 2 Audience and Assumptions Who will benefit from this presentation? Software designers
More informationKVM Security Comparison
atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 Tel: 512-349-7525 Fax: 512-349-7933 www.atsec.com KVM Security Comparison a t s e c i n f o r m a t i o n s e c u
More informationPutting it on the NIC: A Case Study on application offloading to a Network Interface Card (NIC)
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE CCNC 2006 proceedings. Putting it on the NIC: A Case Study on application
More informationVirtualization System Vulnerability Discovery Framework. Speaker: Qinghao Tang Title:360 Marvel Team Leader
Virtualization System Vulnerability Discovery Framework Speaker: Qinghao Tang Title:360 Marvel Team Leader 1 360 Marvel Team Established in May 2015, the first professional could computing and virtualization
More informationMulti-core Curriculum Development at Georgia Tech: Experience and Future Steps
Multi-core Curriculum Development at Georgia Tech: Experience and Future Steps Ada Gavrilovska, Hsien-Hsin-Lee, Karsten Schwan, Sudha Yalamanchili, Matt Wolf CERCS Georgia Institute of Technology Background
More informationUSTC Course for students entering Clemson F2013 Equivalent Clemson Course Counts for Clemson MS Core Area. CPSC 822 Case Study in Operating Systems
USTC Course for students entering Clemson F2013 Equivalent Clemson Course Counts for Clemson MS Core Area 398 / SE05117 Advanced Cover software lifecycle: waterfall model, V model, spiral model, RUP and
More informationLecture Embedded System Security Dynamic Root of Trust and Trusted Execution
1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root
More informationCS Master Level Courses and Areas COURSE DESCRIPTIONS. CSCI 521 Real-Time Systems. CSCI 522 High Performance Computing
CS Master Level Courses and Areas The graduate courses offered may change over time, in response to new developments in computer science and the interests of faculty and students; the list of graduate
More informationAda Real-Time Services and Virtualization
Ada Real-Time Services and Virtualization Juan Zamorano, Ángel Esquinas, Juan A. de la Puente Universidad Politécnica de Madrid, Spain jzamora,aesquina@datsi.fi.upm.es, jpuente@dit.upm.es Abstract Virtualization
More informationBasics of Virtualisation
Basics of Virtualisation Volker Büge Institut für Experimentelle Kernphysik Universität Karlsruhe Die Kooperation von The x86 Architecture Why do we need virtualisation? x86 based operating systems are
More informationPerformance tuning Xen
Performance tuning Xen Roger Pau Monné roger.pau@citrix.com Madrid 8th of November, 2013 Xen Architecture Control Domain NetBSD or Linux device model (qemu) Hardware Drivers toolstack netback blkback Paravirtualized
More informationVirtual Machines. Virtualization
Virtual Machines Marie Roch Tanenbaum 8.3 contains slides from: Tanenbaum 3 rd ed. 2008 1 Virtualization Started with the IBM System/360 in the 1960s Basic concept simulate multiple copies of the underlying
More informationNetwork connectivity controllers
Network connectivity controllers High performance connectivity solutions Factory Automation The hostile environment of many factories can have a significant impact on the life expectancy of PCs, and industrially
More informationVirtualization Technology. Zhiming Shen
Virtualization Technology Zhiming Shen Virtualization: rejuvenation 1960 s: first track of virtualization Time and resource sharing on expensive mainframes IBM VM/370 Late 1970 s and early 1980 s: became
More informationDynamic Load Balancing of Virtual Machines using QEMU-KVM
Dynamic Load Balancing of Virtual Machines using QEMU-KVM Akshay Chandak Krishnakant Jaju Technology, College of Engineering, Pune. Maharashtra, India. Akshay Kanfade Pushkar Lohiya Technology, College
More informationJava Environment for Parallel Realtime Development Platform Independent Software Development for Multicore Systems
Java Environment for Parallel Realtime Development Platform Independent Software Development for Multicore Systems Ingo Prötel, aicas GmbH Computing Frontiers 6 th of May 2008, Ischia, Italy Jeopard-Project:
More informationVirtualization Technologies (ENCS 691K Chapter 3)
Virtualization Technologies (ENCS 691K Chapter 3) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ The Key Technologies on Which Cloud Computing
More information