Assessment of spatial isolation in Jailhouse: Towards a generic approach
Computer Networks ( IF 5.6 ) Pub Date : 2024-04-08 , DOI: 10.1016/j.comnet.2024.110402
Jean de Bonfils Lavernelle , Pierre-François Bonnefoi , Benoît Gonzalvo , Damien Sauveron

In recent years, virtualization has attracted growing interest in the embedded systems world, driven mainly by size, weight, power, and cost constraints. As a result, mixed-criticality systems, hardware platforms that host multiple sub-systems with different levels of criticality, are becoming more and more widespread. In mixed-criticality systems, sub-systems can be separated and isolated from each other by software, which raises various security challenges and considerations. Running multiple sub-systems on the same hardware platform, each with its own security requirements and level of criticality, requires strong isolation between them. Static partitioning hypervisors are promising solutions for isolation in embedded systems: in addition to most of the benefits of traditional virtualization solutions, they offer good predictability and latency, and they are more lightweight, which makes them particularly suitable for embedded systems. Since mixed-criticality systems are often subject to high security requirements, it is essential to ensure that virtualization solutions provide strong and reliable isolation. Among these solutions, Jailhouse is a type-1 static partitioning hypervisor whose temporal isolation capabilities have been extensively evaluated and which provides good performance to virtual machines. However, the hypervisor has not been extensively explored in terms of the spatial isolation that it must guarantee. This paper aims to give a clear picture of the isolation capabilities of Jailhouse. To this end, it first explains the architecture of Jailhouse, followed by an overview of recent related work. It then introduces the methodology followed for testing spatial isolation and suggests key generic points to consider when assessing hypervisors on this criterion.
Finally, the paper details some of our tests that revealed or confirmed interesting insights related to spatial isolation in Jailhouse.
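As an added illustration, not part of the paper or of Jailhouse's own code, the following Python model shows what "static partitioning" means for spatial isolation in practice: every cell's memory and MMIO ranges are fixed in the configuration, so their disjointness can be checked before the system boots, independently of any runtime test. The flag names follow the JAILHOUSE_MEM_* convention of Jailhouse cell configurations; the numeric values, the sample cell layout, and the check policy are assumptions of this example, not the paper's test methodology.

```python
"""Static spatial-partitioning check over a Jailhouse-style cell layout.

Constructed example: a small model of the memory regions that cell
configurations assign to each cell, plus a checker that reports physical
ranges two non-root cells could both modify, or MMIO ranges handed to
more than one cell. Flag values are assumptions of this example; the
authoritative definitions live in Jailhouse's include/jailhouse/cell-config.h.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

MEM_READ = 0x0001
MEM_WRITE = 0x0002
MEM_EXECUTE = 0x0004
MEM_DMA = 0x0008        # the cell may program a device to DMA into this range
MEM_IO = 0x0010         # MMIO range of a device
MEM_ROOTSHARED = 0x0080  # stays mapped in the root cell after cell creation


@dataclass(frozen=True)
class Region:
    phys: int   # start address (guest-physical == host-physical here)
    size: int
    flags: int

    @property
    def end(self) -> int:  # exclusive end address
        return self.phys + self.size

    def overlap(self, other: "Region") -> Optional[tuple[int, int]]:
        lo, hi = max(self.phys, other.phys), min(self.end, other.end)
        return (lo, hi) if lo < hi else None


@dataclass
class Cell:
    name: str
    regions: list
    is_root: bool = False


def _can_modify(flags: int) -> bool:
    """A cell can alter a range if it may write to it or DMA into it."""
    return bool(flags & (MEM_WRITE | MEM_DMA))


def check_spatial_partition(cells: list) -> list:
    """Return the violations of this example's isolation policy.

    Policy (the example's, not the paper's):
      * An MMIO range (MEM_IO) may be assigned to only one non-root cell.
      * Two non-root cells may overlap only if neither can modify the range
        (read-only sharing, e.g. of a common firmware blob).
      * Overlap between the root cell and a non-root cell is accepted: the
        root cell donates the range and loses access at cell creation unless
        the non-root region is flagged MEM_ROOTSHARED, which makes the
        sharing explicit in the configuration.
    """
    findings = []
    for a, b in combinations(cells, 2):
        if a.is_root or b.is_root:
            continue
        for ra in a.regions:
            for rb in b.regions:
                ov = ra.overlap(rb)
                if ov is None:
                    continue
                where = f"{a.name}/{b.name} 0x{ov[0]:x}-0x{ov[1]:x}"
                if (ra.flags | rb.flags) & MEM_IO:
                    findings.append(f"MMIO range assigned to two cells: {where}")
                elif _can_modify(ra.flags) or _can_modify(rb.flags):
                    findings.append(f"writable/DMA overlap between cells: {where}")
    return findings


RWX = MEM_READ | MEM_WRITE | MEM_EXECUTE
ROOT = Cell("root", [Region(0x00000000, 0x80000000, RWX | MEM_DMA),
                     Region(0x90000000, 0x1000, MEM_READ | MEM_WRITE | MEM_IO)],
            is_root=True)
RO_BLOB = Region(0x7e000000, 0x10000, MEM_READ)   # read-only data shared by inmates


def sample_cells() -> list:
    """Constructed layout with two clashes: overlapping RAM and a UART given twice."""
    inmate_a = Cell("inmate_a", [Region(0x70000000, 0x1000000, RWX),
                                 Region(0x7f000000, 0x1000, MEM_READ | MEM_WRITE | MEM_ROOTSHARED),
                                 RO_BLOB,
                                 Region(0x90000000, 0x1000, MEM_READ | MEM_WRITE | MEM_IO)])
    inmate_b = Cell("inmate_b", [Region(0x70800000, 0x1000000, RWX),
                                 RO_BLOB,
                                 Region(0x90000000, 0x1000, MEM_READ | MEM_WRITE | MEM_IO)])
    return [ROOT, inmate_a, inmate_b]


def fixed_cells() -> list:
    """Same layout with inmate_b moved to its own RAM and its own MMIO range."""
    cells = sample_cells()
    cells[2] = Cell("inmate_b", [Region(0x72000000, 0x1000000, RWX),
                                 RO_BLOB,
                                 Region(0x90001000, 0x1000, MEM_READ | MEM_WRITE | MEM_IO)])
    return cells


if __name__ == "__main__":
    for label, cells in (("clashing", sample_cells()), ("fixed", fixed_cells())):
        print(f"{label}: {check_spatial_partition(cells) or 'no violations'}")
```

The checker only covers what the configuration states; it says nothing about whether the hypervisor actually enforces those boundaries at runtime (second-stage page tables, IOMMU programming of DMA-capable devices), which is exactly the kind of question the paper's tests address.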

Updated: 2024-04-08