ETD system

Electronic theses and dissertations repository


Thesis etd-07062017-092255

Thesis type
Master's degree thesis
A dual-hypervisor for platforms supporting hardware-assisted security and virtualization
Degree programme
Supervisor Prof. Buttazzo, Giorgio C.
Supervisor Dott. Biondi, Alessandro
Keywords
  • Embedded Systems
  • Cyber-security
  • Virtualization
  • TrustZone
  • Security
  • Hypervisor
  • mixed-criticality
  • Trusted Execution Environment
Defence session start date
Abstract
The need for security and virtualization capabilities in modern cyber-physical systems is increasing and plays a crucial role in their design. In recent years, several software-based techniques have been proposed to achieve isolation and security features, offering secure computing services and the storage of confidential/sensitive data alongside the execution of multiple software components on the same platform. Notably, such architectures are typically denoted as systems with Multiple Independent Levels of Security (MILS). However, due to the increase in software complexity and the exposure of modern systems through connectivity infrastructures, security has become a fundamental design objective, giving rise to strong functional and reliability requirements that cannot generally be met with pure software techniques. To meet such requirements, chip makers started developing hardware-based solutions to realize trusted execution environments (TEEs), one of the most popular of which is the TrustZone technology developed by ARM. Alongside the need for security features, virtualization has established itself as the de-facto technology to support the execution of multiple software systems (possibly running upon different operating systems) on the same platform, with hypervisors being the most widespread solution for virtualizing the available computing resources. This thesis proposes a software infrastructure for reconciling the virtualization capabilities offered by hypervisors with the need to execute multiple TEEs upon a shared platform. To this end, a dual-hypervisor solution is proposed to enable the execution of multiple domains in isolation, where each of them can comprise both a standard (i.e., non-secure) execution environment and a TEE, the latter executed in the secure world enabled by the ARM TrustZone technology.
The design consists of two jointly-configured hypervisors, one managing non-secure domains and another managing a set of virtualized TEEs, thus offering a further level of isolation by construction between the two worlds. A minimal software layer has also been introduced to orchestrate the two hypervisors and dispatch the corresponding interrupt signals.
The design has been realized by taking the XVISOR open-source hypervisor as a reference system. Finally, experiments have been performed to validate the proposed approach and assess its performance upon an ARM Cortex-A15 processor.