Presentation is loading. Please wait.

Presentation is loading. Please wait.

D u k e S y s t e m s Pocket Hypervisors: Opportunities and Challenges Peter Chen University of Michigan Landon Cox Duke University.

Published byBruno Ross Modified over 9 years ago

Similar presentations

Presentation on theme: "D u k e S y s t e m s Pocket Hypervisors: Opportunities and Challenges Peter Chen University of Michigan Landon Cox Duke University."— Presentation transcript:

1 D u k e S y s t e m s Pocket Hypervisors: Opportunities and Challenges Peter Chen University of Michigan Landon Cox Duke University

2 D u k e S y s t e m s Conventional organization Operating System Process

3 D u k e S y s t e m s Hypervisor Hypervisor organization Guest OS Process Encapsulation Mediation Isolation

4 D u k e S y s t e m s Recent interest in hypervisors  Lots of papers/companies the past five years  Xen, VMware, ReVirt, Potemkin, etc.  On mobile devices? Not so much.  Some uses of encapsulation (ISR, SoulPad)  No uses of mediation or isolation  Why? Hypervisors have been considered impractical  Insufficient hardware support  Prohibitive performance overhead

5 D u k e S y s t e m s Pocket hypervisors are practical and useful. SecurityOpportunistic services Hardware support Privilege modes MMU Moore’s Law

6 D u k e S y s t e m s Securing commodity devices  With PC functions come PC problems  Mobile malware already exists (Cabir, Skulls)  BlueTooth exploits (BlueBug, SNARF)  Poses new kinds of threats  Conversation eavesdropping  Location privacy compromises  Gain access to telecom resources  trifinite.org, bluestumbler.org

7 D u k e S y s t e m s OS Simple example attack: Skulls Mobile Anti- virus Camera Address book “Flash player” On reboot, phone can only make and receive calls. Blue Tooth services

8 D u k e S y s t e m s Pocket Hypervisor Partition device functionality Isolate core services from untrusted apps. Age-old challenge: how to still allow sharing? Shared file space? Explicit message passing? Core Guest OS Mobile Anti- virus 3 rd party Guest OS Blue Tooth services “Flash player” Blue Tooth services Camera

9 D u k e S y s t e m s OS Example attack: BlueBug Mobile Anti- virus Camera Address book Remote access to SIM card, can issue AT commands. (attacker can read contacts, make calls, send SMS) Blue Tooth services

10 D u k e S y s t e m s Pocket Hypervisor Security services Core Guest OS Mobile Anti- virus Camera 3 rd party Guest OS App Blue Tooth services Security services Difficult to stop this attack (can’t force BT to properly authenticate) Hypervisor can still provide secure logging, profiling services Key challenge: how to expose and log guest state efficiently

11 D u k e S y s t e m s Pocket hypervisors are practical and useful. SecurityOpportunistic services Hardware support

12 D u k e S y s t e m s  Expose information about environment  Light, pressure, temperature readings  Expands vantage point of owner  Hundreds of observation points  Streamed/aggregated to central location  Mote price-performance ratio  Cheap nodes allow large deployments  (cover large area, overcome failures)  Powerful nodes allow complex applications Sensor networks

13 D u k e S y s t e m s  Expose information about environment  Network events, MAC addresses, ESSIDs  Expands vantage point of owner  Hundreds of observation points  Streamed/aggregated to central location  Phone price-performance ratio  Cheap nodes allow large deployments  (cover large area, overcome mobility)  Powerful nodes allow complex applications Mobile phones as sensors

14 D u k e S y s t e m s Opportunistic services  COPSE (new project at Duke)  Concurrent opportunistic sensor environment  “A thicket of small trees cut for economic purposes.”  Allow execution of untrusted service instances  Enables mobile testbeds, opportunistic sensor nets  Hypervisor ensures isolation (performance, energy)  Key tension  Encourage volunteers to participate  Support useful services

15 D u k e S y s t e m s Internet What are the disincentives to participate?

16 D u k e S y s t e m s Example disincentive Duke Franc Home Duke Franc Home Adversaries shouldn’t be able to upload location trackers.

17 D u k e S y s t e m s Location privacy  Could enforce execution regions  Only execute guests within a physical region  Requires access to a location service  Could “scrub” MAC addresses  Hypervisor manages device namespace  Translate names between VM and network

18 D u k e S y s t e m s Wireless NIC Hypervisor Guest OS App Guest OS App VDriver 00:18:DE:2C:A3:8A 00:0C:29:4E:F4:1C  00:30:65:0D:11:61 Machine Driver Hypervisor Guest OS App Guest OS App VDriver 00:0C:29:4E:F4:1C 00:18:DE:2C:A3:8A  00:13:21:B7:94:B9 Machine Driver N2 = 00:30:65:0D:11:61 N1 = 00:13:21:B7:94:B9 Node One (N1)Node Two (N2)

19 D u k e S y s t e m s Conclusions  Pocket hypervisors are practical and useful  Practicality  Commodity devices support for virtualization  Devices resources are becoming more plentiful  Usefulness  Device security  Opportunistic services

Download ppt "D u k e S y s t e m s Pocket Hypervisors: Opportunities and Challenges Peter Chen University of Michigan Landon Cox Duke University."

Similar presentations

Microsoft Windows NT Embedded 4.0

Microsoft Windows NT Embedded 4.0
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
D u k e S y s t e m s CrowdLab An Architecture for Volunteer Mobile Testbeds Eduardo Cuervo Peter Gilbert Bi Wu Landon P. Cox Duke University.

D u k e S y s t e m s CrowdLab An Architecture for Volunteer Mobile Testbeds Eduardo Cuervo Peter Gilbert Bi Wu Landon P. Cox Duke University.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Ian Pratt SVP, Products Bromium Inc.

Ian Pratt SVP, Products Bromium Inc.
Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.

Supporting The Mobile Client: Expanding Our Borders John Guidone Manager, Desktop Technologies and Dawn E. Colonese Manager, Help Desk & Client Access.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.
Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.

Rootkits on Smart Phones: Attacks, Implications and Opportunities Jeffrey Bickford, Ryan O’Hare, Arati Baliga, Vinod Ganapathy, and Liviu Iftode Department.
Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.

Cybersecurity Training in a Virtual Environment By Chinedum Irrechukwu.
Performance Evaluation of Open Virtual Routers M.Siraj Rathore

Performance Evaluation of Open Virtual Routers M.Siraj Rathore
New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.

New Direction for Software Protection in Embedded Systems Department of EECS University of Michigan Feb 22, 2007 Kang G. Shin.
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
Introduction to Virtualization

Introduction to Virtualization
Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.

Bluetooth Technology. What is Bluetooth? Bluetooth is a short- range communications technology that allows devices to communicate with each other without.
310KM Mobile Commerce Applications Lab/Tutorial 8 Part 3 Team members: Li Chun Yin Pun Hoi Lam Pun Hoi Lam Shek Hin Shing Shek Hin Shing.

310KM Mobile Commerce Applications Lab/Tutorial 8 Part 3 Team members: Li Chun Yin Pun Hoi Lam Pun Hoi Lam Shek Hin Shing Shek Hin Shing.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.

INTRODUCING: KASPERSKY Security FOR VIRTUALIZATION | LIGHT AGENT FOR MICROSOFT AND CITRIX VIRTUAL ENVIRONMENTS.

Similar presentations

Ads by Google