Title :
Securing DMA through virtualization
Author :
Schwarz, Oliver ; Gehrmann, Christian
Author_Institution :
Swedish Inst. of Comput. Sci., Sweden
Abstract :
We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and which we have also implemented, are based purely on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized by means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds. The solution was designed with a focus on security, and the abstract concept of the approach was formally verified.
Keywords :
data visualisation; file organisation; microcontrollers; security of data; ARM MMU; DMA controller; I/O memory management unit; IOMMU; direct memory access security; virtualization hardware; virtualized system; Access control; Embedded systems; Hardware; Programming; Registers; Virtual machine monitors;
Conference_Title :
Complexity in Engineering (COMPENG), 2012
Conference_Location :
Aachen
Print_ISBN :
978-1-4673-1614-9
DOI :
10.1109/CompEng.2012.6242958