Pocket hypervisors opportunities and challenges
This presentation is the property of its rightful owner.
Sponsored Links
1 / 19

Pocket Hypervisors: Opportunities and Challenges PowerPoint PPT Presentation


  • 88 Views
  • Uploaded on
  • Presentation posted in: General

Pocket Hypervisors: Opportunities and Challenges. Landon Cox Duke University. Peter Chen University of Michigan. Conventional organization. Process. Process. Process. Operating System. Hypervisor organization. Process. Process. Encapsulation Mediation Isolation. Guest OS. Guest OS.

Download Presentation

Pocket Hypervisors: Opportunities and Challenges

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Pocket hypervisors opportunities and challenges

Pocket Hypervisors:Opportunities and Challenges

Landon Cox

Duke University

Peter Chen

University of Michigan


Conventional organization

Conventional organization

Process

Process

Process

Operating System


Hypervisor organization

Hypervisor organization

Process

Process

Encapsulation

Mediation

Isolation

Guest OS

Guest OS

Hypervisor


Recent interest in hypervisors

Recent interest in hypervisors

  • Lots of papers/companies the past five years

    • Xen, VMware, ReVirt, Potemkin, etc.

  • On mobile devices? Not so much.

    • Some uses of encapsulation (ISR, SoulPad)

    • No uses of mediation or isolation

  • Why? Hypervisors have been considered impractical

    • Insufficient hardware support

    • Prohibitive performance overhead


Pocket hypervisors opportunities and challenges

Pocket hypervisors are practical and useful.

Hardware support

Privilege modes

MMU

Moore’s Law

Security

Opportunistic services


Securing commodity devices

Securing commodity devices

  • With PC functions come PC problems

    • Mobile malware already exists (Cabir, Skulls)

    • BlueTooth exploits (BlueBug, SNARF)

  • Poses new kinds of threats

    • Conversation eavesdropping

    • Location privacy compromises

    • Gain access to telecom resources

  • trifinite.org, bluestumbler.org


Simple example attack skulls

Simple example attack: Skulls

“Flash player”

Address book

Camera

Mobile Anti-virus

Blue Tooth services

OS

On reboot, phone can only make and receive calls.


Partition device functionality

Partition device functionality

“Flash player”

Blue Tooth services

Camera

Mobile Anti-virus

Blue Tooth services

3rd party Guest OS

Core Guest OS

Pocket Hypervisor

Isolate core services from untrusted apps.

Age-old challenge: how to still allow sharing?

Shared file space? Explicit message passing?


Example attack bluebug

Example attack: BlueBug

Address book

Camera

Mobile Anti-virus

Blue Tooth services

OS

Remote access to SIM card, can issue AT commands.

(attacker can read contacts, make calls, send SMS)


Security services

Security services

App

App

Camera

Mobile Anti-virus

Blue Tooth services

3rd party Guest OS

Core Guest OS

Pocket Hypervisor

Security services

Difficult to stop this attack (can’t force BT to properly authenticate)

Hypervisor can still provide secure logging, profiling services

Key challenge: how to expose and log guest state efficiently


Pocket hypervisors opportunities and challenges

Pocket hypervisors are practical and useful.

Hardware support

Security

Opportunistic services


Sensor networks

Sensor networks

  • Expose information about environment

    • Light, pressure, temperature readings

  • Expands vantage point of owner

    • Hundreds of observation points

    • Streamed/aggregated to central location

  • Mote price-performance ratio

    • Cheap nodes allow large deployments

    • (cover large area, overcome failures)

    • Powerful nodes allow complex applications


Mobile phones as sensors

Mobile phones as sensors

  • Expose information about environment

    • Network events, MAC addresses, ESSIDs

  • Expands vantage point of owner

    • Hundreds of observation points

    • Streamed/aggregated to central location

  • Phone price-performance ratio

    • Cheap nodes allow large deployments

    • (cover large area, overcome mobility)

    • Powerful nodes allow complex applications


Opportunistic services

Opportunistic services

  • COPSE (new project at Duke)

    • Concurrent opportunistic sensor environment

    • “A thicket of small trees cut for economic purposes.”

  • Allow execution of untrusted service instances

    • Enables mobile testbeds, opportunistic sensor nets

    • Hypervisor ensures isolation (performance, energy)

  • Key tension

    • Encourage volunteers to participate

    • Support useful services


Pocket hypervisors opportunities and challenges

Internet

What are the disincentives to participate?


Example disincentive

Example disincentive

Duke

Franc

Home

Adversaries shouldn’t be able to upload location trackers.

Duke

Franc

Home


Location privacy

Location privacy

  • Could enforce execution regions

    • Only execute guests within a physical region

    • Requires access to a location service

  • Could “scrub” MAC addresses

    • Hypervisor manages device namespace

    • Translate names between VM and network


Pocket hypervisors opportunities and challenges

Node One (N1)

Node Two (N2)

App

App

App

App

Guest OS

Guest OS

Guest OS

Guest OS

N2 = 00:30:65:0D:11:61

N2 = 00:30:65:0D:11:61

N1 = 00:13:21:B7:94:B9

N1 = 00:13:21:B7:94:B9

VDriver

VDriver

VDriver

VDriver

Hypervisor

Hypervisor

00:0C:29:4E:F4:1C  00:30:65:0D:11:61

00:18:DE:2C:A3:8A  00:13:21:B7:94:B9

Machine Driver

Machine Driver

Wireless NIC

Wireless NIC

00:18:DE:2C:A3:8A

00:0C:29:4E:F4:1C


Conclusions

Conclusions

  • Pocket hypervisors are practical and useful

  • Practicality

    • Commodity devices support for virtualization

    • Devices resources are becoming more plentiful

  • Usefulness

    • Device security

    • Opportunistic services


  • Login