Fine-grained I/O access control of the mobile devices based on the Xen architecture

System virtualization is now available on mobile devices and brings several advantages, two of the most important being fault isolation and security. The isolated driver domain (IDD) model, a widely adopted architecture, provides strong fault isolation by confining the impact of a driver fault to the driver domain itself. However, excessive I/O requests from a malicious domain to an IDD can consume most of the IDD's CPU time and degrade the performance of applications in the IDD and in every other domain that shares the same I/O device with the malicious domain. When the IDD model is applied to mobile devices, this loss of performance isolation also drains the battery, which makes it a new and serious threat. To address this problem, we propose a fine-grained I/O access control mechanism inside the IDD. Requests from guest domains are tracked by an accounting module in terms of CPU usage, with the CPU consumption of each request estimated from regression equations, and are scheduled by an I/O access control enforcer according to security policies. The mechanism therefore gives precise control over the CPU time a guest domain consumes through I/O device access and prevents a malicious guest domain from causing CPU overuse, performance degradation, and battery drain. We have implemented a prototype covering both network and storage devices on a real smart phone (SGH-i780) running two para-virtualized Linux kernels on top of Secure Xen on ARM. Our evaluation shows that the approach effectively protects the phone against excessive I/O attacks and preserves availability.
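The two components the abstract names, an accounting module that estimates the IDD CPU cost of each guest request from a regression equation and an enforcer that schedules requests against a per-domain policy, can be modelled in user space to see how the control behaves under an I/O flood. The following is an added illustration and is not the paper's code or the prototype on Secure Xen on ARM; the device classes, the calibration samples behind the regression, the per-window CPU budgets and the request traces are all constructed for the example, and the policy shown (defer over-budget requests to the next window rather than drop them) is one possible enforcement rule, not necessarily the one the paper evaluates.

```python
"""Model of fine-grained I/O access control inside an isolated driver domain.

Added example, not the paper's implementation. An Accounting module estimates
the IDD CPU time a guest request will cost from a per-device linear regression
(y = a + b * bytes, fitted to constructed calibration samples) and tracks usage
per domain and per accounting window; an Enforcer admits a request only while
its domain is within its CPU budget for the window and otherwise defers it.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Request:
    domain: str   # guest domain issuing the request
    device: str   # "net" or "blk" (constructed device classes)
    nbytes: int   # payload size carried by the request


def fit_linear(samples):
    """Ordinary least squares for y = a + b*x over (x, y) pairs.

    Stands in for the paper's regression equations: x is request size in
    bytes, y the measured IDD CPU microseconds (samples are constructed)."""
    n = len(samples)
    sx = sum(x for x, _ in samples)
    sy = sum(y for _, y in samples)
    sxx = sum(x * x for x, _ in samples)
    sxy = sum(x * y for x, y in samples)
    b = (n * sxy - sx * sy) / (n * sxx - sx * sx)
    a = (sy - b * sx) / n
    return a, b


class Accounting:
    """Estimates per-request CPU cost and charges it to the issuing domain."""

    def __init__(self, models):
        self.models = models              # device -> (a, b)
        self.used = defaultdict(float)    # domain -> CPU us charged this window

    def estimate(self, req):
        a, b = self.models[req.device]
        return a + b * req.nbytes

    def charge(self, req):
        cost = self.estimate(req)
        self.used[req.domain] += cost
        return cost

    def new_window(self):
        self.used.clear()


class Enforcer:
    """Admits a request only if the domain stays within its per-window CPU
    budget; over-budget requests go to a per-domain FIFO backlog that is
    drained, budget permitting, when the next window starts."""

    def __init__(self, accounting, budgets):
        self.acct = accounting
        self.budgets = budgets            # domain -> CPU us allowed per window
        self.backlog = defaultdict(deque)
        self.serviced = defaultdict(int)
        self.deferred = defaultdict(int)

    def _admit(self, req):
        if self.acct.used[req.domain] + self.acct.estimate(req) > self.budgets[req.domain]:
            return False
        self.acct.charge(req)
        self.serviced[req.domain] += 1
        return True

    def submit(self, req):
        if self._admit(req):
            return "serviced"
        self.backlog[req.domain].append(req)
        self.deferred[req.domain] += 1
        return "deferred"

    def tick(self):
        """Open a new accounting window, then drain backlogs in FIFO order."""
        self.acct.new_window()
        for q in self.backlog.values():
            while q and self._admit(q[0]):
                q.popleft()


def run_scenario(windows=3):
    """Constructed trace: dom1 sends a few packets per window, dom2 floods the
    IDD with large packets. Returns the enforcer so counters can be inspected."""
    net_model = fit_linear([(64, 12.0), (512, 20.0), (1500, 38.0)])
    blk_model = fit_linear([(512, 30.0), (4096, 60.0), (16384, 160.0)])
    acct = Accounting({"net": net_model, "blk": blk_model})
    enf = Enforcer(acct, {"dom1": 2000.0, "dom2": 2000.0})  # constructed budgets
    for _ in range(windows):
        for _ in range(5):
            enf.submit(Request("dom1", "net", 512))
        for _ in range(500):
            enf.submit(Request("dom2", "net", 1500))
        enf.tick()
    return enf


if __name__ == "__main__":
    e = run_scenario()
    for dom in ("dom1", "dom2"):
        print(dom, "serviced", e.serviced[dom], "deferred", e.deferred[dom],
              "backlog", len(e.backlog[dom]))
```

With the constructed coefficients a 1500-byte packet is estimated at roughly 38 us of IDD CPU, so a 2000 us per-window budget admits about 52 such packets per window; the flooding domain is capped at that rate while the well-behaved domain's requests are never deferred, which is the performance-isolation property the abstract describes. A real IDD would charge requests as they are taken off the netback/blkback rings and would need a policy decision about how long a backlog may grow before requests are dropped, since an unbounded backlog is itself a memory exhaustion vector.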
