Xen on ARM: System Virtualization using Xen
Hypervisor for ARM-based Secure Mobile Phones
Joo-Young Hwang, Sang-Bum Suh, Sung-Kwan Heo, Chan-Ju Park,
Jae-Min Ryu, Seong-Yeol Park, Chul-Ryun Kim
Software Laboratories, Corporate Technology Operations, Samsung Electronics Co. Ltd.
416, Maetan-3Dong, Yeongtong-Gu, Suwon-City, Gyeonggi-Do, Korea, 443-742
E-mail: {jooyoung.hwang, sbuk.suh, sk.heo, bestworld}@samsung.com
{jm77.ryu, seongyeol.park, cr2104.kim}@samsung.com
Abstract—Mobile phones security is becoming an important
issue because they are being connected to an Internet through
wireless modem technologies. System virtualization technology
provides trusted computing capability by running isolated multi-
ple virtual machines under hypervisor. In this paper, we propose
a design of system virtualization for ARM CPU architecture
and describe implementation of prototype called Xen on Arm
using Xen hypervisor. Secure and nonsecure guest Linux virtual
machines are executing under Xen on ARM isolated with each
other and virtualization overhead is shown to be moderate
compared to native Linux running on bare metal H/W.
I. INTRODUCTION
Recently, beyond-3G mobile phones will be connected to
Internet through packet-switched networks such as mobile
WiMax and WiBro technologies. Mobile phones will face the
similar security problems with malwares as shown in personal
computer(PC) environments. Operating system (OS) level se-
curity solutions can be compromised if OS is compromised.
System virtualization technology has been applied to servers
and workstations to helps system users be able to consolidate
the hardware and provides flexibility. System virtualization
means creating virtual machines by virtualizing a full set of
hardware resources, including a processor, memory, storage
resources and peripheral devices. A virtual machine monitor
(VMM) or hypervisor is the software that provides abstraction
of virtual machine to guest OSes which are running under the
VMM. The virtual machine is a duplicated real machine, and
VMM takes complete control of virtualized resources.
The security issue can be handled by system virtualization
since it provides isolation of guest OSes running under VMM,
so that any compromised guest OS cannot be propagated to
other guest OS domains. This can guarantee availability of a
computing system even when a guest OS domain fails.
To investigate virtualization technology for embedded, we
choose ARM architecture since it is popularly used for mobile
phones and choose Xen which is a popular open source
hypervisor. The authors of this paper had reported on “Xen on
ARM” which is Xen for ARM architecture including VMM
level access control scheme in [1]. In this paper, we focus on
ARM virtualization technology and its implementation issues.
This paper is organized as following. In section II, we
describe virtualization technology backgrounds, implications
on virtualization for ARM architecture. In section III related
works are mentioned. In section IV and V, ARM CPU and
memory virtualization are presented, respectively. Then we
describe implementation issues and show performance results
in section VI. Finally we conclude in section VII.
II. B
ACKGROUNDS
A. Virtualization History
The notion of virtual machine dates back to the mid 1960’s
IBM M44/44X[2] and IBM CP-40, and has been used for
various application areas such as server consolidation, disas-
ter recovery, and testing of OS kernel. Rigorous survey of
virtualization can be found in [3].
In [4], the authors described sufficient condition for a
computer architecture to allow creation of VMM: A VMM
may be constructed if the set of sensitive instructions
1
for
that computer is a subset of the set of privileged instructions
2
and processor has at least two privilege modes (privileged
mode and non-privileged mode). The theorem can be naturally
extended to current machines.
Though several modern processors are not virtualizable
in the author’s sense because it has sensitive unprivileged
instructions, VMMs have been built successfully by handling
sensitive unprivileged instructions in various ways. Dynamic
recompilation technique is used to discover those instruc-
tions at run-time and replace them with a trap into the
VMM[5], which is known as full virtualization technology and
does not require OS source code modifications. I n contrast,
paravirtualization approach modifies guest OS source code
to replace those instructions with invocations of hypervisor
routines (aka “hypercall”). Though paravirtualization requires
OS modification, this is not critical issue because required
modification is slight.
1
Sensitive instructions are those that should be run in privileged mode to
ensure correct function of them. Sensitive instructions can be control sensitive
or behavior sensitive. Control sensitive instructions are those that attempt
to change the configuration of resources in the system. Behavior sensitive
instructions are those whose behavior or result depends on the configuration
of resources.
2
Privileged instructions are those that trap if the processor is in user mode
and do not trap if it is in system mode.
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE CCNC 2008 proceedings.
1-4244-1457-1/08/$25.00 © IEEE
257