1 / 19

Pocket Hypervisors: Opportunities and Challenges

Pocket Hypervisors: Opportunities and Challenges. Landon Cox Duke University. Peter Chen University of Michigan. Conventional organization. Process. Process. Process. Operating System. Hypervisor organization. Process. Process. Encapsulation Mediation Isolation. Guest OS. Guest OS.

merry
Download Presentation

Pocket Hypervisors: Opportunities and Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pocket Hypervisors:Opportunities and Challenges Landon Cox Duke University Peter Chen University of Michigan

  2. Conventional organization Process Process Process Operating System

  3. Hypervisor organization Process Process Encapsulation Mediation Isolation Guest OS Guest OS Hypervisor

  4. Recent interest in hypervisors • Lots of papers/companies the past five years • Xen, VMware, ReVirt, Potemkin, etc. • On mobile devices? Not so much. • Some uses of encapsulation (ISR, SoulPad) • No uses of mediation or isolation • Why? Hypervisors have been considered impractical • Insufficient hardware support • Prohibitive performance overhead

  5. Pocket hypervisors are practical and useful. Hardware support Privilege modes MMU Moore’s Law Security Opportunistic services

  6. Securing commodity devices • With PC functions come PC problems • Mobile malware already exists (Cabir, Skulls) • BlueTooth exploits (BlueBug, SNARF) • Poses new kinds of threats • Conversation eavesdropping • Location privacy compromises • Gain access to telecom resources • trifinite.org, bluestumbler.org

  7. Simple example attack: Skulls “Flash player” Address book Camera Mobile Anti-virus Blue Tooth services OS On reboot, phone can only make and receive calls.

  8. Partition device functionality “Flash player” Blue Tooth services Camera Mobile Anti-virus Blue Tooth services 3rd party Guest OS Core Guest OS Pocket Hypervisor Isolate core services from untrusted apps. Age-old challenge: how to still allow sharing? Shared file space? Explicit message passing?

  9. Example attack: BlueBug Address book Camera Mobile Anti-virus Blue Tooth services OS Remote access to SIM card, can issue AT commands. (attacker can read contacts, make calls, send SMS)

  10. Security services App App Camera Mobile Anti-virus Blue Tooth services 3rd party Guest OS Core Guest OS Pocket Hypervisor Security services Difficult to stop this attack (can’t force BT to properly authenticate) Hypervisor can still provide secure logging, profiling services Key challenge: how to expose and log guest state efficiently

  11. Pocket hypervisors are practical and useful. Hardware support Security Opportunistic services

  12. Sensor networks • Expose information about environment • Light, pressure, temperature readings • Expands vantage point of owner • Hundreds of observation points • Streamed/aggregated to central location • Mote price-performance ratio • Cheap nodes allow large deployments • (cover large area, overcome failures) • Powerful nodes allow complex applications

  13. Mobile phones as sensors • Expose information about environment • Network events, MAC addresses, ESSIDs • Expands vantage point of owner • Hundreds of observation points • Streamed/aggregated to central location • Phone price-performance ratio • Cheap nodes allow large deployments • (cover large area, overcome mobility) • Powerful nodes allow complex applications

  14. Opportunistic services • COPSE (new project at Duke) • Concurrent opportunistic sensor environment • “A thicket of small trees cut for economic purposes.” • Allow execution of untrusted service instances • Enables mobile testbeds, opportunistic sensor nets • Hypervisor ensures isolation (performance, energy) • Key tension • Encourage volunteers to participate • Support useful services

  15. Internet What are the disincentives to participate?

  16. Example disincentive Duke Franc Home Adversaries shouldn’t be able to upload location trackers. Duke Franc Home

  17. Location privacy • Could enforce execution regions • Only execute guests within a physical region • Requires access to a location service • Could “scrub” MAC addresses • Hypervisor manages device namespace • Translate names between VM and network

  18. Node One (N1) Node Two (N2) App App App App Guest OS Guest OS Guest OS Guest OS N2 = 00:30:65:0D:11:61 N2 = 00:30:65:0D:11:61 N1 = 00:13:21:B7:94:B9 N1 = 00:13:21:B7:94:B9 VDriver VDriver VDriver VDriver Hypervisor Hypervisor 00:0C:29:4E:F4:1C  00:30:65:0D:11:61 00:18:DE:2C:A3:8A  00:13:21:B7:94:B9 Machine Driver Machine Driver Wireless NIC Wireless NIC 00:18:DE:2C:A3:8A 00:0C:29:4E:F4:1C

  19. Conclusions • Pocket hypervisors are practical and useful • Practicality • Commodity devices support for virtualization • Devices resources are becoming more plentiful • Usefulness • Device security • Opportunistic services

More Related