FCC compliance with open source: Running OpenWrt in a VM on top of the L4Re microhypervisor

Similar documents
Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

The QEMU/KVM Hypervisor

A hypervisor approach with real-time support to the MIPS M5150 processor

Basics in Energy Information (& Communication) Systems Virtualization / Virtual Machines

9/26/2011. What is Virtualization? What are the different types of virtualization.

Introduction to the NI Real-Time Hypervisor

Development of Type-2 Hypervisor for MIPS64 Based Systems

Virtualization in the ARMv7 Architecture Lecture for the Embedded Systems Course CSD, University of Crete (May 20, 2014)

Microkernels, virtualization, exokernels. Tutorial 1 CSC469

KVM: A Hypervisor for All Seasons. Avi Kivity avi@qumranet.com

LESSON 13 VIRTUALIZATION AND CLOUD COMPUTING

Hypervisors. Introduction. Introduction. Introduction. Introduction. Introduction. Credits:

Solution Guide Parallels Virtualization for Linux

Intro to Virtualization

Virtualization Technology

Virtualization. Dr. Yingwu Zhu

Satish Mohan. Head Engineering. AMD Developer Conference, Bangalore

MODULE 3 VIRTUALIZED DATA CENTER COMPUTE

Compromise-as-a-Service

Full and Para Virtualization

Security Security by Separation

The L4 Microkernel. Invited Speaker: Prof. Hermann Härtig Technische Universität Dresden. ARTIST Summer School in Europe 2010

What marketing won t tell you about the Internet of Things

Berlin Institute of Technology FG Security in Telecommunications

SUSE Linux Enterprise 10 SP2: Virtualization Technology Support

Data Centers and Cloud Computing

MediaTek LinkIt Smart 7688 FAQ

Virtualization. Michael Tsai 2015/06/08

Xen Project 4.4: Features and Futures. Russell Pavlicek Xen Project Evangelist Citrix Systems

Flight Processor Virtualization

CSE 501 Monday, September 09, 2013 Kevin Cleary

Dr. Dimitar Valtchev. 24 June 2010, Stuttgart, Eclipse Embedded Day

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

The Art of Virtualization with Free Software

More Efficient Virtualization Management: Templates

How To Create A Cloud Based System For Aaas (Networking)

Sierraware Overview. Simply Secure

COS 318: Operating Systems. Virtual Machine Monitors

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Enterprise-Class Virtualization with Open Source Technologies

WaveInsite Mobile WLAN Client Interoperability and Performance Testing

Red Hat VDI. David Simmons

Virtualization. Jukka K. Nurminen

Virtualization for Cloud Computing

Custom Integration Solutions

Parallels Virtuozzo Containers

Virtualization. Introduction to Virtualization Virtual Appliances Benefits to Virtualization Example Virtualization Products

Virtualization for Future Internet

Parallels Virtuozzo Containers

Android Virtualization from Sierraware. Simply Secure

Parallels Virtuozzo Containers

On the Evaluation of the Performance Overhead of a Commercial Embedded Hypervisor

Operating Systems (Linux)

Hardware/microprocessor Run- time executive (real- time OS, hypervisor, etc.) Web messaging infrastructure

300Mbps. Wi-Fi Range Extender TL-WA855RE. Highlights. Description

Cloud Computing #6 - Virtualization

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

Virtualization NIIT WHITE PAPER SEPTEMBER 2011

The MIPS architecture and virtualization

APPLICATION VIRTUALIZATION TECHNOLOGIES WHITEPAPER

Guardian: Hypervisor as Security Foothold for Personal Computers

Comparing Free Virtualization Products

Nighthawk AC1900 Smart WiFi Router Dual Band Gigabit

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

I vantaggi dell?utilizzo di JAVA nella strategia M2M

Virtual Switching Without a Hypervisor for a More Secure Cloud

QoS VPN Router.

Virtualization: Know your options on Ubuntu. Nick Barcet. Ubuntu Server Product Manager

COM 444 Cloud Computing

What s New with VMware Virtual Infrastructure

Enabling Technologies for Distributed Computing

Linux/Open Source and Cloud computing Wim Coekaerts Senior Vice President, Linux and Virtualization Engineering

WHITE PAPER Mainstreaming Server Virtualization: The Intel Approach

Networked I/O for Virtual Machines

2009 AAMGA Automation Conference

Virtual Computing and VMWare. Module 4

Virtual Machine Monitors. Dr. Marc E. Fiuczynski Research Scholar Princeton University

Servervirualisierung mit Citrix XenServer

Networking for Caribbean Development

RED HAT ENTERPRISE VIRTUALIZATION

Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi,

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

ELCE Secure Embedded Linux Product (A Success Story)

Application-Centric WLAN. Rob Mellencamp

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Parallels VDI Solution

COS 318: Operating Systems. Virtual Machine Monitors

Comparing Virtualization Technologies

Security Working Group Members Goals and Interests. Cesare Garlati, Chief Security Strategist May 2015

Hyper-V vs ESX at the datacenter

Yun Shield User Manual VERSION: 1.0. Yun Shield User Manual 1 / 22.

Red Hat enterprise virtualization 3.0 feature comparison

Use Cases for Docker in Enterprise Linux Environment CloudOpen North America, 2014 Linda Wang Sr. Software Engineering Manager Red Hat, Inc.

SCADA Virtualization

WIND RIVER SECURE ANDROID CAPABILITY

SUSE Cloud 5 Openstack

Nested Virtualization

Data Centers and Cloud Computing. Data Centers. MGHPCC Data Center. Inside a Data Center

Transcription:

FCC compliance with open source: Running OpenWrt in a VM on top of the L4Re microhypervisor Michael Hohmuth Kernkonzept

2 FCC Wifi rule 2014: New FCC rule Router manufacturers need to prevent Wifi misconfiguration Prevent misuse of unlicensed / restricted frequency spectrum Compatibility with open-source router OSes? Ouch!

3 prpl Foundation's idea 2015: Virtualization is here! Can we use it to isolate the Wifi driver from the open-source OS? Let's do a proof of concept

4 A prpl cocktail: Ingredients A core of MIPS MIPS P5600: Imagination Technologies A router OS of choice A bag of guts An extension of virtualization MIPS VZ: Imagination Technologies An SoC of audacity Baikal T platform: Baikal Electronics A hypervisor of open source OpenWrt Sponsorship: prpl Foundation A teaspoon of luck Stir. Serve hot. L4Re microhypervisor: Kernkonzept

5 About Kernkonzept Develops and supports the open-source L4Re operating system L4Re Microhypervisor / Microkernel Minimal secure real-time separation kernel L4Re UVMM For hardware-assisted virtualization with minimal Trusted Computing Base (TCB) L4Re Runtime Environment For native trusted apps with minimal TCB L4Linux, L4Android Paravirtualization solutions Based in Dresden, Germany

6 L4Re operating system overview

7 Why virtualization on the router? Integration of untrusted third-party components Home automation, home security, media streaming Separate development / update cycles integrated components DECT / LTE / SNMP Smaller attack surface for secrets kept on the router VPN keys, admin passwords Isolating critical gateway / router part from other components to reduce attack surface Wifi AP, telephony, printer, family settings, local storage, private cloud Isolate proprietary / dusty deck components For licensing reasons, or to limit attack surface FCC Wifi rule

8 Virtualization vs Linux container solutions Smaller trusted computing base (TCB) Small = good Studies: 20 50 bugs per 1000 lines of code Several orders of magnitude smaller Much lower probability of 0day events Larger footprint RAM: ~ 5 MB for hypervisor / VMM ~ 5 MB for each additional Linux Harder to set up and manage Dynamic / automatic deployment is a WIP Native trusted microapps Real time and security Linux is off the trusted path

9 A prpl cocktail: Ingredients A core of MIPS MIPS P5600: Imagination Technologies A router OS of choice A bag of guts An extension of virtualization MIPS VZ: Imagination Technologies An SoC of audacity Baikal T platform: Baikal Electronics A hypervisor of open source OpenWrt Sponsorship: prpl Foundation A teaspoon of luck Stir. Serve hot. L4Re microhypervisor: Kernkonzept

10 prpl Wifi router demo OpenWrt VM router OpenWrt VM Wifi driver OpenWrt VM Third party Console mux Virtual Network L4Re Microhypervisor Ethernet Ethernet USB / Wifi UART / serial

11 It works

12 War stories We have virtualization? Oh yeah, right Accidentally, it appears The joys of evaluation hardware Flaky power supply, flaky network boot, errata, frequent firmware updates Version / life cycle issues L4Re UVMM, Baikal platform, and OpenWrt all have different Linux kernel version requirements A bunch of Wifi dongles Find a Wifi dongle that's supported by the selected Linux kernel and that's still on the market Ironing out the bugs In other people's software (mostly ;-)

13 Evaluation FCC use case What's there CPU / MMU virtualization MIPS VZ Open source L4Re Microhypervisor Virtual MIPS platform for Linux Device pass-through into VMs OpenWrt virtualization Virtual networking among VMs What's missing IOMMU (SMMU) support missing on the Baikal platform Secure boot (vs open source ) VM management Virtual platform standard for MIPS / x86 Untrusted third-party VMs

14 Summary Virtualization is coming your way Telcos / service providers want it Use cases Third-party software, security, life-cycle management Don't get worked up about the FCC rule Next steps Integration of container technology and (real) virtualization SoC vendor support for hypervisors

15 Thank you!

16 Backup

17 L4Re core features x86, ARM, MIPS; 32- or 64-bit systems Native apps with minimal TCB Strong temporal and spatial isolation: real-time & secure Dynamic or static setups Supports hardware-assisted and para-virtualization Run VMM as untrusted user-mode applications Open source Mature OS (developed since 1997)

18 L4Re applications High-assurance security Dual-use laptops, VPN gateways, secure exchange gateways, data diodes Open and secure mobile systems Smart phones, tablet devices: Open systems with strong security requirements Industrial monitoring and control Virtualization of legacy components for consolidation Car infotainment Consolidation of trusted and untrusted components Open software stack ( apps ) Cloud security Trusted virtualization solutions

19 Kernkonzept services Consulting Helping customers to use the L4Re system in their own products and solutions Contracting / maintenance Develop and maintain L4Re-based software Licensing Open-source or commercial L4Re licenses available

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information