Title :
iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support
Author :
Tan, Lin ; Chan, Ellick M. ; Farivar, Reza ; Mallick, Nevedita ; Carlyle, Jeffrey C. ; David, Francis M. ; Campbell, Roy H.
Author_Institution :
Univ. of Illinois at Urbana-Champaign, Urbana
Abstract :
The users of today´s operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal virtual machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the virtual machine monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.
Keywords :
device drivers; operating system kernels; system recovery; virtual machines; LED device; buggy-malicious device drivers; core operating system; hardware virtualization support; low-overhead virtual-machine based framework; operating systems; Hardware; Kernel; Operating systems; Platform virtualization; Protection; Security; Virtual machine monitors; Virtual machining; Virtual manufacturing; Virtual prototyping;
Conference_Titel :
Dependable, Autonomic and Secure Computing, 2007. DASC 2007. Third IEEE International Symposium on
Conference_Location :
Columbia, MD
Print_ISBN :
978-0-7695-2985-1
DOI :
10.1109/DASC.2007.16
