
EETE JUN 2015

ENCRYPTION & DATA SECURITY

Hardware virtualization based embedded security and the trusted hypervisor

By Majid Bemanian

Connected products such as many Internet of Things (IoT) devices, gateway routers, IPTVs, mobile devices and automotive systems must increasingly be designed to support numerous unique applications, various content sources, and in-the-field software updates from service providers and operators, all while ensuring privacy and data protection. As multiple applications and associated data co-exist on the same SoC, each must be kept secure from external attacks and also from each other. For example, in automotive, communications are becoming tightly coupled with smartphones, bringing third party services into the automotive infrastructure. And in supporting emerging applications such as self-parking and autonomous driving, it is critical to ensure ultra-safe operation to meet ADAS requirements.

Figure caption: Hardware-assisted virtualization allows effective separation of Guests from the Root.

Static approaches to embedded system security, which define secure and non-secure zones by partitioning separate hardware subsystems for each zone, have been generally effective to date. But today’s approaches are generally CPU-centric, binary – with one secure zone / one non-secure zone – and are complicated to implement. These solutions won’t scale to address the sophisticated types of applications and services being enabled by next-generation connected devices and the cloud. As a result, more scalable and cost-effective approaches are required to address the needs of newer devices running multiple applications over several secure environments/domains.

Hardware virtualization as a foundation for embedded security

Hardware virtualization can create the requisite scalable trusted environments for secure embedded systems.
Virtualization is a technique for creating multiple isolated environments to house multiple guest operating systems and/or applications over a common shared hardware resource such as a CPU subsystem. This technology is already widely used in datacenter and server systems, and can provide a cost- and power-efficient foundation for implementing security in a wider range of devices including embedded systems. With hardware virtualization support in the CPU, GPU and other processors in a SoC, companies can create multiple isolated domains, where each application can be protected from the others. Figure 1b shows Imagination’s OmniShield hardware-assisted virtualization technology that supports a multi-domain system.

Introducing the hypervisor

For an embedded application, the hypervisor is a small body of privileged code that sits above the hardware and manages the SoC resources by defining access policies for each execution domain, referred to as Virtual Machines (VMs) or Guests. With Imagination’s OmniShield-enabled CPUs and GPUs, as many as 255 VMs can scale from a single core to multiple cores within a cluster or multiple clusters. There is keen interest from companies in a broad range of vertical segments in the concept of using hardware-assisted virtualization to provide multiple independent domains that are isolated from one another for security, reliability, and ease of development and deployment purposes. But the question remains as to how to design embedded security through the use of hypervisors, and how hypervisors can be securely anchored to hardware and trusted.

Hardware-supported hypervisor

In a typical embedded system, a translation lookaside buffer (TLB) is used by memory management hardware in a hierarchical fashion to improve virtual address translation speed. In systems leveraging hardware-assisted virtualization, a two-level hierarchy TLB enables isolation while maintaining comparable performance.
The hierarchy consists of two layers: 1) Guest TLB; and 2) Root TLB. Each VM/Guest operates in a traditional user mode (Figure 1a) where the Guest TLB (G.TLB) is configured in the same way as a traditional TLB. In this way, little or no modification is required to be made to the Guest Kernel. The hypervisor in privileged mode is in control of the Root TLB (R.TLB), redirecting the Guest access to the correct physical address. In this way, the hypervisor is policing all CPU bus transactions per pre-established access policies, assuring each Guest operates within the boundaries established by the hypervisor. In other words, the Root TLB, as part of the hierarchy of memory management units (Root MMU), under the control

Fig. 2: Enforcing isolation in a virtual environment.

Majid Bemanian is Director of Segment Marketing at Imagination Technologies - www.imgtec.com

24 Electronic Engineering Times Europe June 2015 www.electronics-eetimes.com
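As an added illustration (not code from the article or from Imagination's OmniShield), the following C model walks a guest virtual address through the two-level hierarchy described above: stage 1 through the guest-owned G.TLB, stage 2 through the hypervisor-owned R.TLB, whose entries are the access policy. All type names, the guest-id tagging and the constructed mappings are the example's own assumptions, not a description of the real hardware.

```c
#include <stdint.h>
#include <stddef.h>

#define PAGE_SHIFT 12
#define PAGE_MASK  0xFFFULL
#define MAX_ENTRIES 8

enum { XLATE_OK = 0, XLATE_GUEST_FAULT = 1, XLATE_ROOT_FAULT = 2 };

/* G.TLB entry: guest-virtual page -> guest-physical page, written by the guest kernel. */
typedef struct { uint64_t vpn, gpfn; } g_entry_t;
/* R.TLB entry: guest-physical page -> root-physical page, written only by the hypervisor
   and tagged (assumption of this model) with the guest it was issued to. */
typedef struct { unsigned guest_id; uint64_t gpfn, rpfn; } r_entry_t;

typedef struct { unsigned id; g_entry_t tlb[MAX_ENTRIES]; size_t n; } guest_t;
typedef struct { r_entry_t tlb[MAX_ENTRIES]; size_t n; } hypervisor_t;

void guest_map(guest_t *g, uint64_t vpn, uint64_t gpfn) {
    if (g->n < MAX_ENTRIES) g->tlb[g->n++] = (g_entry_t){ vpn, gpfn };
}
/* Root mode only: installing an R.TLB entry is how the hypervisor grants a guest a page. */
void root_map(hypervisor_t *hv, unsigned guest_id, uint64_t gpfn, uint64_t rpfn) {
    if (hv->n < MAX_ENTRIES) hv->tlb[hv->n++] = (r_entry_t){ guest_id, gpfn, rpfn };
}

/* Two-stage translation. A guest-physical page the hypervisor never granted to this
   guest faults at stage 2, so editing its own page tables cannot move a guest outside
   its domain; the fault traps to the hypervisor, not to the guest kernel. */
int translate(const hypervisor_t *hv, const guest_t *g, uint64_t gva, uint64_t *rpa) {
    const g_entry_t *ge = NULL;
    for (size_t i = 0; i < g->n; i++)
        if (g->tlb[i].vpn == (gva >> PAGE_SHIFT)) ge = &g->tlb[i];
    if (!ge) return XLATE_GUEST_FAULT;            /* handled by the guest kernel itself */
    uint64_t gpa = (ge->gpfn << PAGE_SHIFT) | (gva & PAGE_MASK);
    for (size_t i = 0; i < hv->n; i++)
        if (hv->tlb[i].guest_id == g->id && hv->tlb[i].gpfn == (gpa >> PAGE_SHIFT)) {
            *rpa = (hv->tlb[i].rpfn << PAGE_SHIFT) | (gpa & PAGE_MASK);
            return XLATE_OK;
        }
    return XLATE_ROOT_FAULT;                      /* trapped to the hypervisor */
}
```

Two guests with identical guest-physical layouts land on disjoint root pages, and a guest-physical page the hypervisor never mapped faults at the root stage regardless of what the guest put in its own TLB.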

