Leveraging Thin Hypervisors for Security on Embedded Systems Christian Gehrmann A part of Swedish ICT
What is virtualization? Separation of a resource or request for a service from the underlying physical delivery of that service system virtualization 2 2010-05-19
Why are you introducing system virtualization into an embedded system? Isolation allowing multiple concurrent operating systems Simplified development porting of legacy systems to new hardware architectures (Security protected execution) 3 2010-05-19
Existing approaches/solutions (I) VMware Mobile Virtualization Platform Developed by Trango and acquired by VMware in 2008 Support ARM v4- ARMv7 architectures (old ARM arch.) No open source or detailed public technical inf. available VirtualLogix Para-virtualization Support ARM 9, ARM 11, Cortex A8 and Cortex A9 MMU virtualization, Scheduling (RTOS priority), shared peripheral support, inter-os communcation No open source or detailed public technical inf. available ST-Ericsson announced customer in February 2010 4 2010-05-19
Existing approaches/solutions (II) Para-virtualization Exception handling Sensitive unprivileged instructions As ARM only has one unprivileged mode, the guest OS needs to run in user mode. In the Xen ARM the kernel is protected from applications through a virtual kernel mode provided through the MMU and the ARM domain protection mechanisms virtual banked registers Xen is open source Xen ported to ARM9 J. Hwang et. al., Xen on ARM: System Virtualization using Xen Hypervisor for ARM-based Secure Mobile Phones, CCNC, January 2008. 5 2010-05-19
Existing approaches/solutions (III) Microkernel based virtualization Global scheduling policies High bandwidth communication System wide security policies Untouched device drivers Adaptations similar to paravirtualization needed for the legacy guest system Depending on the Hardware Abstractin Layer (HAL) adaptation efforts, the performance can be comparable with a system not running on L4 (or much worse - 10% overhead) Open source! OpenKernal-Labs L4 technology G. Heiser, The Role of Virtualization in Embedded Systems, IIES, April 2008. 6 2010-05-19
Existing approaches/solutions (IV) Related: ARM Trust Zone Tiago Alves and Don Felton, TrustZone: Integrated Hardware and Software Security, Enabling Trusted Computing in Embedded Systems, July 2004. 7 2010-05-19
Threat scenario 8 2010-05-19
Hypervisor security services (I) () Domains are isolated on one host; protected from each other Leverages hardware protection (rings, modes, pages...) hypervisor runs in special hardware protection mode, guests run in lower privilege mode Hypervisor as a minimal host Trusted Computing Base (TCB) Isolation also leads to modularity Trusted execution domain 9 2010-05-19
Hypervisor security services (II) Kernel integrity in semi-trusted domain An attacker control everything in the system except the CPU, the memory controller, and system memory chip. Enforcement engine that refuses to execute any nonapproved code in kernel mode Secure boot Monitor each kernel enter and exit instructions A. Seshadri et. al., SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes, SOSP 07, October 2007 10 2010-05-19
Hypervisor security services (III) Protection of applications on guest OS from each other and guest OS Multiple views of guest application memory Application real view Other processes and OS encrypted/integrity protected view Multiple page tables Etc. Memory multi-shadowing X. Chen et. al., Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems, ASPLOS, March 2008. 11 2010-05-19
Hypervisors in the future? Hypervisors have so far been introduced in embedded systems mainly due to non-security requirements Heterogeneous operating-system environment (at least two different OSes) on single core system Security if often a major selling argument, but it is seldom accomplished by any good motivations or proofs (OKL4 as an exception) of that a high security level is achieved! Many security pitfalls have been detected in major virtualization solutions on the market (VMware, Xen, KVM etc.) There is a clear trend also in embedded systems on systems with multiple cores Then there will not be any reasons for introducing virtualization purely due to the support of heterogeneous operating-systems However, the security (as well as maybe system load balancing and fault tolerance) arguments are still most valid! 12 2010-05-19
Hypervisor based security for multicore embedded systems Different hypervisors/ configurations on different CPUs an example Hypervisor 1 provides secure execution/kernel protection Multiple virtual machines Virtualized MMU and DMA Virtualized interrupt controller, watchdog reset Kernel integrity protection Hypervisor 2 provides memory/device and kernel protection Single execution environment Virtualized MMU and DMA Kernel integrity protection Hypervisor 3 provides only memory/device protection Single execution environment Virtualized MMU and DMA Extremely few traps 13 2010-05-19
Hypervisor versus Trust Zone TrustZone Need careful adaptations at System on Chip design phase Strict hardware control few software security dependencies (except the trusted SW system) Runs only on ARM architectures Requires adaptations for the secure interface (on legacy system) towards the trusted world No security monitoring possibilities Hypervisor Only based on existing CPU and MMU hardware protection mechanisms Relies on secure hypervisor software and system design Can be ported to many different CPU architectures Requires para-virtualization on most current architectures Security monitoring of semitrusted domains services such as kernel integrity 14 2010-05-19
Hypervisor versus OKL4 OKL4 The micro kernel handles tasks and dthreads The micro kernel schedule threads Communicates with IPCs Memory protection through the micro kernel protection ti (utilizing i MMU) Secure monitoring micro kernel dependent, kernel integrity is not really possible as the micro kernel and guest kernels are integrated Hypervisor The hypervisor does not need detailed d inf. on tasks an threads. The hypervisor only schedules complete VMs on virtual CPUs Communicate through shared memory or ring buffers with virtual cross interrupts MMU and privileged instruction based protection with traps Security monitoring of semitrusted domains services such as kernel integrity it F. Armand and M.Gien, A practical look at micro-kernels and virtual machine monitors, IEEE CCCNC, January 2009 15 2010-05-19
A SICS hypervisor for FreeRTOS on ARM H. Douglas, Thin Hypervisor-Based Security Architectures for Embedded Platforms, Master Thesis, SICS, March 2010 16 2010-05-19
Some benchmark figures 17 2010-05-19
Next steps for the SICS hypervisor Several parallel virtual machines - trusted and nontrusted ARM v6/v7 instruction set Multiprocessor support/configurations ti Full kernel integrity protection of semi-trusted domain Commodity OS support, e.g. Linux Formal verification of the isolation and integrity protection properties Other CPU architectures Release as open source! 18 2010-05-19
Conclusions Hypervisors are starting to move also into the embedded sphere So-far the main motivation for introducing hypervisors has not been security and there are no examples of hypervisors for embedded systems with pure security focus There exist alternative solutions providing similar functionality such as OKL4 and TrustZone. These approaches have some limitations as well as benefits In particular in multicore-systems, hypervisors provides a very attractive security services with limited performance and porting impacts There is a need for formal analysis of different designs for different architectures and we expect the area to develop the coming years SICS is working with secure hypervisor design for multicore embedded systems 19 2010-05-19