Xen on ARM: System Virtualization using Xen
Hypervisor for ARM-based Secure Mobile Phones
Joo-Young Hwang, Sang-Bum Suh, Sung-Kwan Heo, Chan-Ju Park,
Jae-Min Ryu, Seong-Yeol Park, Chul-Ryun Kim
Software Laboratories, Corporate Technology Operations, Samsung Electronics Co. Ltd.
416, Maetan-3Dong, Yeongtong-Gu, Suwon-City, Gyeonggi-Do, Korea, 443-742
E-mail: {jooyoung.hwang, sbuk.suh, sk.heo, bestworld}@samsung.com
{jm77.ryu, seongyeol.park, cr2104.kim}@samsung.com
Abstract—Mobile phones security is becoming an important
issue because they are being connected to an Internet through
wireless modem technologies. System virtualization technology
provides trusted computing capability by running isolated multi-
ple virtual machines under hypervisor. In this paper, we propose
a design of system virtualization for ARM CPU architecture
and describe implementation of prototype called Xen on Arm
using Xen hypervisor. Secure and nonsecure guest Linux virtual
machines are executing under Xen on ARM isolated with each
other and virtualization overhead is shown to be moderate
compared to native Linux running on bare metal H/W.
I. INTRODUCTION
Recently, beyond-3G mobile phones will be connected to
Internet through packet-switched networks such as mobile
WiMax and WiBro technologies. Mobile phones will face the
similar security problems with malwares as shown in personal
computer(PC) environments. Operating system (OS) level se-
curity solutions can be compromised if OS is compromised.
System virtualization technology has been applied to servers
and workstations to helps system users be able to consolidate
the hardware and provides flexibility. System virtualization
means creating virtual machines by virtualizing a full set of
hardware resources, including a processor, memory, storage
resources and peripheral devices. A virtual machine monitor
(VMM) or hypervisor is the software that provides abstraction
of virtual machine to guest OSes which are running under the
VMM. The virtual machine is a duplicated real machine, and
VMM takes complete control of virtualized resources.
The security issue can be handled by system virtualization
since it provides isolation of guest OSes running under VMM,
so that any compromised guest OS cannot be propagated to
other guest OS domains. This can guarantee availability of a
computing system even when a guest OS domain fails.
To investigate virtualization technology for embedded, we
choose ARM architecture since it is popularly used for mobile
phones and choose Xen which is a popular open source
hypervisor. The authors of this paper had reported on “Xen on
ARM” which is Xen for ARM architecture including VMM
level access control scheme in [1]. In this paper, we focus on
ARM virtualization technology and its implementation issues.
This paper is organized as following. In section II, we
describe virtualization technology backgrounds, implications
on virtualization for ARM architecture. In section III related
works are mentioned. In section IV and V, ARM CPU and
memory virtualization are presented, respectively. Then we
describe implementation issues and show performance results
in section VI. Finally we conclude in section VII.
II. B
ACKGROUNDS
A. Virtualization History
The notion of virtual machine dates back to the mid 1960’s
IBM M44/44X[2] and IBM CP-40, and has been used for
various application areas such as server consolidation, disas-
ter recovery, and testing of OS kernel. Rigorous survey of
virtualization can be found in [3].
In [4], the authors described sufficient condition for a
computer architecture to allow creation of VMM: A VMM
may be constructed if the set of sensitive instructions
1
for
that computer is a subset of the set of privileged instructions
2
and processor has at least two privilege modes (privileged
mode and non-privileged mode). The theorem can be naturally
extended to current machines.
Though several modern processors are not virtualizable
in the author’s sense because it has sensitive unprivileged
instructions, VMMs have been built successfully by handling
sensitive unprivileged instructions in various ways. Dynamic
recompilation technique is used to discover those instruc-
tions at run-time and replace them with a trap into the
VMM[5], which is known as full virtualization technology and
does not require OS source code modifications. I n contrast,
paravirtualization approach modifies guest OS source code
to replace those instructions with invocations of hypervisor
routines (aka “hypercall”). Though paravirtualization requires
OS modification, this is not critical issue because required
modification is slight.
1
Sensitive instructions are those that should be run in privileged mode to
ensure correct function of them. Sensitive instructions can be control sensitive
or behavior sensitive. Control sensitive instructions are those that attempt
to change the configuration of resources in the system. Behavior sensitive
instructions are those whose behavior or result depends on the configuration
of resources.
2
Privileged instructions are those that trap if the processor is in user mode
and do not trap if it is in system mode.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE CCNC 2008 proceedings.
1-4244-1457-1/08/$25.00 © IEEE
257
下载后可阅读完整内容,剩余4页未读,立即下载
xjtufjj
- 粉丝: 0
- 资源: 4
我的内容管理
展开
最新资源
- 达梦数据库DM8手册大全:安装、管理与优化指南
- Python Matplotlib库文件发布:适用于macOS的最新版本
- QPixmap小demo教程:图片处理功能实现
- YOLOv8与深度学习在玉米叶病识别中的应用笔记
- 扫码购物商城小程序源码设计与应用
- 划词小窗搜索插件:个性化搜索引擎与快速启动
- C#语言结合OpenVINO实现YOLO模型部署及同步推理
- AutoTorch最新包文件下载指南
- 小程序源码‘有调’功能实现与设计课程作品解析
- Redis 7.2.3离线安装包快速指南
- AutoTorch-0.0.2b版本安装教程与文件概述
- 蚁群算法在MATLAB上的实现与应用
- Quicker Connector: 浏览器自动化插件升级指南
- 京东白条小程序源码解析与实践
- JAVA公交搜索系统:前端到后端的完整解决方案
- C语言实现50行代码爱心电子相册教程
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
