Fine-grained I/O access control based on Xen virtualization for 3G/4G mobile devices

Xen's isolated driver domain (IDD) model provides strong system isolation by confining the impact of driver faults to the driver domain itself. It does not, however, protect the driver domain's own resources: malware in a guest domain can abuse a mobile device's limited system resources by flooding the IDD with an extreme number of I/O requests, each of which consumes IDD CPU time on the guest's behalf. To solve this problem, this paper presents a fine-grained I/O access control mechanism inside the IDD. Requests from guest domains are tracked by an accounting module in terms of CPU usage, with the CPU consumption of each request estimated from regression equations, and are scheduled by an I/O access control enforcer according to security policies. As a result, our mechanism provides precise control over the CPU time a guest domain consumes through I/O device access, and prevents a compromised guest domain from causing CPU overuse, performance degradation, and battery drain. We have implemented a prototype of our approach covering both network and storage devices on a real smart phone (SGH-i780) that runs two para-virtualized Linux kernels on top of Secure Xen on ARM. The evaluation shows that our approach effectively protects the smart phone against excessive I/O attacks and guarantees availability.
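The accounting-plus-enforcement loop the abstract describes, as an added illustration in Python that is not the paper's code or part of Secure Xen on ARM: a linear regression predicts the IDD CPU cost of each request from its payload size, an accounting module charges that estimate to the issuing guest, and an enforcer rejects requests once the guest exhausts its per-period CPU budget. The calibration samples, the 100 ms period, the 20 % budgets and the two request traces are all constructed assumptions, as are the domain names.

```python
"""Per-guest CPU accounting and admission control for I/O requests arriving at
an isolated driver domain (IDD).

Added illustration only: the regression coefficients, budgets, period length
and request traces are constructed, not taken from the paper or Secure Xen on ARM.
"""
from dataclasses import dataclass


def fit_linear(samples):
    """Ordinary least squares for cost_us = a + b * size_bytes.

    `samples` are (size_bytes, cpu_us) calibration points; a real IDD would
    collect them by timing its backend driver on each request type.
    """
    n = len(samples)
    sx = sum(s for s, _ in samples)
    sy = sum(c for _, c in samples)
    sxx = sum(s * s for s, _ in samples)
    sxy = sum(s * c for s, c in samples)
    b = (n * sxy - sx * sy) / (n * sxx - sx * sx)
    a = (sy - b * sx) / n
    return a, b


@dataclass
class GuestAccount:
    budget_us: float        # CPU time the policy grants this guest per period
    used_us: float = 0.0    # estimated CPU charged so far in the current period
    admitted: int = 0
    rejected: int = 0


class IOAccessControl:
    """Accounting module plus enforcer for one backend (e.g. a network device)."""

    def __init__(self, model, period_us, policy):
        self.a, self.b = model              # regression coefficients
        self.period_us = period_us
        self.period_start = 0
        self.guests = {dom: GuestAccount(budget) for dom, budget in policy.items()}

    def estimate_us(self, size_bytes):
        """Predicted IDD CPU time for one request of the given payload size."""
        return max(self.a + self.b * size_bytes, 0.0)

    def _roll_period(self, now_us):
        # Every guest's budget replenishes at the start of each accounting period.
        elapsed = now_us - self.period_start
        if elapsed >= self.period_us:
            self.period_start = now_us - elapsed % self.period_us
            for acct in self.guests.values():
                acct.used_us = 0.0

    def handle(self, now_us, dom, size_bytes):
        """Admit the request if the guest has budget left, otherwise reject it.

        Returns True when the request is forwarded to the driver. What happens
        to a rejected request (drop for network, requeue for storage) is a
        policy choice; this model only counts it.
        """
        self._roll_period(now_us)
        acct = self.guests[dom]
        cost = self.estimate_us(size_bytes)
        if acct.used_us + cost > acct.budget_us:
            acct.rejected += 1
            return False
        acct.used_us += cost
        acct.admitted += 1
        return True


# Constructed calibration: a fixed cost of 5 us per request plus 0.01 us per byte.
CALIBRATION = [(0, 5.0), (1000, 15.0), (2000, 25.0), (4000, 45.0)]
PERIOD_US = 100_000                                # 100 ms accounting period (assumed)
POLICY = {"dom1": 20_000.0, "dom2": 20_000.0}      # 20 % of IDD CPU each (assumed)


def run_flood_scenario(periods=3):
    """dom1 sends one 1500-byte packet per ms; dom2 floods one every 20 us."""
    ctl = IOAccessControl(fit_linear(CALIBRATION), PERIOD_US, POLICY)
    horizon = periods * PERIOD_US
    trace = [(t, "dom1", 1500) for t in range(0, horizon, 1000)]
    trace += [(t, "dom2", 1500) for t in range(0, horizon, 20)]
    for t, dom, size in sorted(trace, key=lambda e: e[0]):
        ctl.handle(t, dom, size)
    stats = {dom: (acct.admitted, acct.rejected) for dom, acct in ctl.guests.items()}
    # CPU dom2 would have burned in the IDD per period with no enforcement at all
    stats["dom2_unthrottled_us_per_period"] = ctl.estimate_us(1500) * (PERIOD_US // 20)
    return stats


if __name__ == "__main__":
    print(run_flood_scenario())
```

With these constructed numbers the flooding guest would demand 100 000 us of IDD CPU per 100 ms period, i.e. the whole CPU; the enforcer admits only the 1000 packets that fit its 20 000 us budget and rejects the other 4000 each period, while the well-behaved guest's 100 packets per period are all admitted. Charging the regression estimate before the driver runs is what makes the control fine-grained: the decision is per request and per guest, rather than a coarse cap on the IDD as a whole.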
