Secure Architecture and Implementation of Xen on ARM for Mobile Devices

Sang-bum Suh (sbuk.suh@samsung.com)
SW Laboratories, CTO, Samsung Electronics
April 17, 2007

Presented at Xen Summit Spring 2007, IBM TJ Watson
Contributors

Sang-bum Suh, Joo-Young Hwang, Sung-min Lee, Sungkwan Heo, Sangdok Mo, ChanJu Park, Seong-Yeol Park, Jong-Tae Kim, Bokdeuk Jeong, Chulryun Kim, Jaemin Ryu, Jaera Lee, Mikhail Pozhenko
Agenda

- Requirements for Beyond 3G Mobile Devices
- Goal and Approach
- Xen on ARM
  - Xen on ARM Architecture
  - System Virtualization
  - System Boot Operation
- Security
  - Security Architecture and Its Components
- Implementation: Status
- Conclusions and Future Work
- Appendix
Requirements for Beyond 3G Mobile Devices

High-level Requirements
- End user: Secure and reliable mobile terminals for mobile Internet services using WiBro
- Manufacturer: Robustness, even as the complexity of devices keeps increasing
- Content provider: Protection of IP rights in end-user terminals
- Carrier companies: Open and secure mobile platform
  - OSTI (Open Secure Terminal Initiative): NTT DoCoMo, Intel

[Figure: Beyond 3G environments and needs. Apps & services: multimedia, m-Commerce, web browsing, downloadable applications, Internet, VoIP, banking, 3D games, U-Health. System: memory > 64MB, CPU > 500 MIPS, multi-function, multi-mode modem, cellular/Internet integration, component reusability, high-speed mobile Internet (10~100Mbps). User needs: security, robustness, reliability (secure terminal). Manufacturer needs: time-to-market.]
Threats to Mobile Devices

- According to McAfee, threats to mobile devices will continue to grow in 2007
  - The number of malware samples created for Windows CE/Mobile and Symbian was expected to reach 726 by the end of 2006, up from an estimated 226 at the end of 2005 [KAW06]
- Attacks on mobile banking and trading
  - Steal financial data and send it to a remote attacker
  - Examples [GOS06]: StealWar Worm (2006), Flexispy Trojan (2006), Brador Backdoor (2004)
- Denial of service (DoS) attacks
  - Inappropriate execution of instructions that consumes system resources (e.g., memory, CPU, battery) or resets the system
  - Examples [GOS06]: Cabir Worm (2004), CommWarrior Worm (2005), Skulls Trojan (2004), Mobler.a Worm (2006), Cxoever Worm (2006)
Typical User Scenario

[Figure: two device stacks side by side.]
- Without VMM: the m-Wallet client app runs on the same OS, over the same H/W, as App1, App2 and App3; an unstable or malicious app shares the OS with the m-Wallet client.
- With VMM: the m-Wallet client app runs on its own OS in a Secure Domain; App1, App2 and App3 run on a separate OS in a Non-secure Domain; both domains run on the VMM over the same H/W.
- The m-Wallet server (trusted server) is reached over a secure channel; non-trusted servers on the Internet deliver OTA (over-the-air) app downloads to the non-secure domain.

* VMM = Virtual Machine Monitor
Features for Secure Mobile Devices

- Low-overhead system virtualization
- Separation of guest domains
- Hot plug-in/-out of guest domains
- Secure boot
- Secure storage
- Access control
Goal and Approach

Goal
- Light-weight secure virtualization technology for beyond 3G mobile devices

Approach
- Design and implementation of a VMM on ARM using the Xen architecture
- Security features using Xen on ARM: guaranteeing confidentiality, integrity, and availability

Deliverables
- VMM: Secure Xen on ARM
- Dom0, DomU: Para-virtualized ARM Linux-2.6.11 kernel/device drivers
Architecture: Secure Xen on ARM

[Figure: layered architecture.]
- Dom0: Applications; Back-end Drivers; Native Drivers; VM Interface
- DomU: Applications; Front-end Drivers; VM Interface
- Secure Xen on ARM: Access Control; Resource Allocator; Domain Manager
- Hardware: CPU; System Memory; Flash Memory; Peripheral Devices
Development Environments

HW and SW Environments: A Reference System for Implementation

SW
- Xen: Xen-3.0.2
- Linux: ARM Linux-2.6.11
- GUI: Qtopia

HW
- Processor: ARM9 266MHz (Freescale i.MX21)
- Memory: 64MB
- Flash: NOR 32MB / NAND 64MB
- LCD: 3.5 inch
- Network: CS8900A 10Base-T Ethernet Controller

Development Environments
- OS: Fedora Core 6
- Cross-compiler: MontaVista ARM GCC 3.3.1
- Debugger: Trace32 ICD (In-Circuit Debugger)