iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support

The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal virtual machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead, virtual-machine-based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the virtual machine monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.
