secure architecture and secure architecture and
play

Secure Architecture and Secure Architecture and Implementation of - PowerPoint PPT Presentation

Feb 21, 2023 •110 likes •598 views

Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM Implementation of for Mobile Devices for Mobile Devices Sang- -bum bum Suh Suh Sang sbuk.suh@samsung.com sbuk.suh@samsung.com SW Laboratories SW

  1. Secure Architecture and Secure Architecture and Implementation of Xen Xen on ARM on ARM Implementation of for Mobile Devices for Mobile Devices Sang- -bum bum Suh Suh Sang sbuk.suh@samsung.com sbuk.suh@samsung.com SW Laboratories SW Laboratories CTO, Samsung Electronics CTO, Samsung Electronics April 17, 2007 April 17, 2007 Presented at Xen Xen Summit Spring 2007, IBM TJ Watson Summit Spring 2007, IBM TJ Watson Presented at

  2. Contributor Contributor Sang- -bum bum Suh Suh Sang Joo- -Young Hwang Young Hwang Joo Sung- -min Lee min Lee Sung Sungkwan Heo Heo Sungkwan Sangdok Mo Mo Sangdok ChanJu Park Park ChanJu Seong- -Yeol Yeol Park Park Seong Jong- -Tae Kim Tae Kim Jong Bokdeuk Jeong Jeong Bokdeuk Chul ryun ryun Kim Kim Chul Jaemin Ryu Ryu Jaemin Jaera Lee Lee Jaera Mikhail Pozhenko Pozhenko Mikhail 2 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  3. Agenda Agenda Requirements for Beyond 3G Mobile Device Requirements for Beyond 3G Mobile Device Goal and Approach Goal and Approach Xen on ARM on ARM Xen Xen on ARM Architecture on ARM Architecture Xen System Virtualization System Virtualization System Boot Operation System Boot Operation Security Security Security Architecture and Its Components Security Architecture and Its Components Implementation: Status Implementation: Status Conclusions and Future Work Conclusions and Future Work Appendix Appendix 3 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  4. Requirements Requirements for Beyond 3G Mobile Devices for Beyond 3G Mobile Devices High- -level Requirements level Requirements High End user: Secure and reliable mobile terminals for mobile Intern End user: Secure and reliable mobile terminals for mobile Internet et services using WiBro WiBro services using Manufacturer: Robustness though complexity of devices gets Manufacturer: Robustness though complexity of devices gets increased increased Contents provider: Protection of IP rights in end- -user terminals user terminals Contents provider: Protection of IP rights in end Carrier companies: Open and Secure Mobile Platform Carrier companies: Open and Secure Mobile Platform OSTI (Open Secure Terminal Initiative): NTT DoCoMo DoCoMo, Intel , Intel OSTI (Open Secure Terminal Initiative): NTT Apps. & Services System Multimedia m-Commerce Memory Multi- Multimedia Expected m-Commerce Memory Service Multi- > 64MB Web function Service > 64MB Web function Downloadable System Browsing Beyond 3G Downloadable I nternet/ Cellular Browsing Application CPU Complexity Component Application I ntegration CPU Component Environments Internet > 500 MIPS Reusability High-speed Internet > 500 MIPS Reusability VoIP Banking Mobile High-speed VoIP (10~ 100Mbps) , U-Health Banking Mobile 3D Game (10~ 100Mbps) , U-Health Multi-mode 3D Game Multi-mode Modem Modem User Manufacturer Security, Robustness, Needs Reliability Time-to-market (Secure Terminal) Beyond 3G environments and Needs 4 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  5. Threats to Mobile Devices Threats to Mobile Devices According to McAfee, threats to mobile devices will According to McAfee, threats to mobile devices will continue to grow in 2007 continue to grow in 2007 The number of malware malware created for Windows CE/Mobile created for Windows CE/Mobile The number of and Symbian Symbian was expected to reach 726 by the end of 2006, was expected to reach 726 by the end of 2006, and from an estimated 226 at the end of 2005 [KAW06] from an estimated 226 at the end of 2005 [KAW06] Attacks on mobile banking and trading Attacks on mobile banking and trading Steals financial data and sends them to a remote attacker Steals financial data and sends them to a remote attacker Examples [GOS06] Examples [GOS06] StealWar Worm (2006), Worm (2006), Flexispy Flexispy Trojan (2006), Trojan (2006), Brador Brador StealWar Backdoor (2004) Backdoor (2004) Denial of service (DoS DoS) attacks ) attacks Denial of service ( Inappropriate execution of instructions consuming system Inappropriate execution of instructions consuming system resources (e.g., memory, CPU, battery), resetting a system resources (e.g., memory, CPU, battery), resetting a system Examples [GOS06] Examples [GOS06] Cabir Worm (2004) Worm (2004), , CommWarrior CommWarrior Worm (2005), Worm (2005), Skulls Trojan Skulls Trojan Cabir (2004 4) ), , Mobler.a Mobler.a Worm Worm (200 (2006 6) ), , Cxoever Cxoever Worm (2006) Worm (2006) (200 5 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  6. Typical User Scenario Typical User Scenario Without VMM With VMM Non-trusted Non-trusted Servers Servers on Internet on Internet m-Wallet Server m-Wallet Server (Trusted Server) (Trusted Server) OTA (over-the-air) OTA (over-the-air) Secure Secure Secure app. download app. download Channel Channel Domain m-Wallet App2 App3 App1 m-Wallet Client App. App2 App3 App1 Unstable or Unstable or Client App. Malicious App. Malicious App. OS OS VMM OS Non-secure Domain H/W H/W * VMM = Virtual Machine Monitor 6 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  7. Features for Secure Mobile Devices Features for Secure Mobile Devices Low- -overhead system virtualization overhead system virtualization Low Separation of guest domains Separation of guest domains Hot plug- -in/ in/- -out of guest domains out of guest domains Hot plug Secure boot Secure boot Secure storage Secure storage Access control Access control 7 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  8. Agenda Agenda Requirements for Beyond 3G Mobile Device Requirements for Beyond 3G Mobile Device Goal and Approach Goal and Approach Xen on ARM on ARM Xen Xen on ARM Architecture on ARM Architecture Xen System Virtualization System Virtualization System Boot Operation System Boot Operation Security Security Security Architecture and Its Components Security Architecture and Its Components Implementation: Status Implementation: Status Conclusions and Future Work Conclusions and Future Work Appendix Appendix 8 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  9. Goal and Approach Goal and Approach Goal Goal Light- -weight secure virtualization technology for weight secure virtualization technology for Light beyond 3G mobile devices beyond 3G mobile devices Approach Approach Design and implementation of Design and implementation of VMM on ARM using Xen Xen architecture architecture VMM on ARM using Security features using Xen Security features using Xen on ARM: on ARM: guaranteeing confidentiality, integrity, and availability guaranteeing confidentiality, integrity, and availability Deliverables Deliverables VMM: Secure Xen Xen on ARM on ARM VMM: Secure Dom0, DomU DomU: Para : Para- -virtualized ARM Linux virtualized ARM Linux- -2.6.11 2.6.11 Dom0, kernel/ device drivers kernel/ device drivers 9 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  10. Architecture: Secure Xen Xen on ARM on ARM Architecture: Secure Dom 0 Dom U Dom 0 Dom U Application Application Application Application Application Application Application Application Application Application Back- -end Drivers end Drivers Front- -end Drivers end Drivers Back Front Domain Domain Native Drivers Native Drivers VM Interface VM Interface VM Interface VM Interface Access Control Resource Allocator Allocator Access Control Domain Manager Domain Manager Resource Secure Xen Xen on ARM on ARM Secure Peripheral Devices Hardware Peripheral Devices CPU System Memory Flash Memory Hardware CPU System Memory Flash Memory Peripheral Devices Peripheral Devices 10 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

  11. Development Environments Development Environments HW and SW Environments HW and SW Environments A Reference System for Implementation A Reference System for Implementation SW SW Xen : Xen- -3.0.2 3.0.2 Xen : Xen Linux : ARM Linux- -2.6.11 2.6.11 Linux : ARM Linux GUI : Qtopia Qtopia GUI : HW HW Processor : ARM- -9 266Mhz ( 9 266Mhz (Freescale Freescale i.MX21) i.MX21) Processor : ARM Memory : 64MB Memory : 64MB Flash : NOR 32MB / NAND 64MB Flash : NOR 32MB / NAND 64MB LCD : 3.5 inch LCD : 3.5 inch Network : CS8900A 10Base- -T Ethernet Controller T Ethernet Controller Network : CS8900A 10Base Development Environments Development Environments OS : Fedora Core 6 OS : Fedora Core 6 Cross- -compiler: compiler: Montavista Montavista ARM GCC 3.3.1 ARM GCC 3.3.1 Cross Debugger : Trace32 ICD (In Circuit Debugger) Debugger : Trace32 ICD (In Circuit Debugger) 11 SW Laboratories, CTO, Samsung Electronics SW Laboratories, CTO, Samsung Electronics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Secure Softw are A Secure Softw are Architecture Architecture Description Language

A Secure Softw are A Secure Softw are Architecture Architecture Description Language

A Secure Softw are A Secure Softw are Architecture Architecture Description Language Description Language Jie Ren, Richard N. Taylor Department of Informatics University of California, Irvine Software Security Assurance Tools, Techniques,

354 views • 22 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

An IPSec-based Host Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R. Rao, P. Rohatgi, IBM Research D. Saha Lucent Technologies Motivation In todays Internet the need for efficient and

337 views • 22 slides
Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O

Responsiveness Guarantee for the Sancus Protected Module Architecture Michiel Van Beirendonck Outline 1. Motivation 2. Sancus Overview o Secure I/O & application case o 3. Objectives Attacker model & properties o 4. Design

420 views • 14 slides
SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group,

SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group,

SCION: A Secure Multipath Interdomain Routing Architecture Adrian Perrig Network Security Group, ETH Zrich SCION: Next-generation Internet Architecture Path-aware networking: sender knows packets path Enables geo-fencing

497 views • 33 slides
Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V

Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V

Design and Implementatjon of a Dynamic Informatjon Flow Tracking Architecture to Secure a RISC-V Core for IoT Applicatjons Christjan Palmiero , Giuseppe Di Guglielmo , Luciano Lavagno , Luca P. Carloni Politecnico Di Torino

218 views • 18 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and

CryptoManiac: A Fast Flexible Architecture for Secure Communication Lisa Wu, Chris Weaver, and Todd Austin Presented by Dan Amelang Background Rise of the Internet created demand for fast and efficient cryptographic processing

309 views • 14 slides
Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

TAS 3 Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and Internet of Subject Personal Data Store Sampo Kellomki (sampo@zxidp.org) 11. October 2010, IIW London 09 TAS 3 Intro and Vision EU FP7

968 views • 75 slides
Khudra Secure Embedded Architecture Laboratory, Indian Institute of Technology, Kharagpur, India

Khudra Secure Embedded Architecture Laboratory, Indian Institute of Technology, Kharagpur, India

A New Improved Key-Scheduling for Khudra Secure Embedded Architecture Laboratory, Indian Institute of Technology, Kharagpur, India Rajat Sadhukhan, Souvik Kolay, Shashank Srivastava, Sikhar Patranabis, Santosh Ghosh, Debdeep Mukhopadhyay

548 views • 24 slides
ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices N. Asokan 1 ,

ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices N. Asokan 1 ,

ASSURED: Architecture for Secure Software Update of Realistic Embedded Devices N. Asokan 1 , Thomas Nyman 1,2 , Norrathep Rattanavipanon 3 , Ahmad-Reza Sadeghi 4 , Gene Tsudik 3 1 Aalto University, 2 Trustonic, 3 University of California, Irvine,

537 views • 26 slides
RWTHApp From a requirements analysis to a service oriented architecture for secure mobile access

RWTHApp From a requirements analysis to a service oriented architecture for secure mobile access

RWTHApp From a requirements analysis to a service oriented architecture for secure mobile access to personalized data Marius Politze, Bernd Decker IT Center RWTH Aachen University Overview Requirements Analysis Process

557 views • 16 slides
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
Trusted Architecture for Secure Shared Services (with Privacy) Sampo Kellomki (sampo@zxidp.org)

Trusted Architecture for Secure Shared Services (with Privacy) Sampo Kellomki (sampo@zxidp.org)

TAS 3 Trusted Architecture for Secure Shared Services (with Privacy) Sampo Kellomki (sampo@zxidp.org) 29. September, 2010, ICT, Brussels 05 TAS 3 Intro Visit TAS 3 booth in hall H (near Prime Life booth) Project runs until end of 2011

660 views • 54 slides
Can Secure architecture perform? Motivated by Yales talk Machine Learning and Quantum

Can Secure architecture perform? Motivated by Yales talk Machine Learning and Quantum

Can Secure architecture perform? Motivated by Yales talk Machine Learning and Quantum Computing; Is there anything else worth working on? ISCA, 2002 Avi Mendelson Technion, Israel avi.mendelson@technion.ac.il Agenda Intro and motivation

525 views • 18 slides
A Secure Autonomous Document Architecture for Enterprise Digital Right Management Manuel Munier

A Secure Autonomous Document Architecture for Enterprise Digital Right Management Manuel Munier

A Secure Autonomous Document Architecture for Enterprise Digital Right Management Manuel Munier LIUPPA Universit e de Pau et des Pays de lAdour Mont de Marsan, France manuel.munier@univ-pau.fr SITIS 2011 November 28 - December 1, 2011

591 views • 36 slides
Joanna End to End Acquisition (Mortgage) and Mark Married couple Joanna and Mark rent a flat

Joanna End to End Acquisition (Mortgage) and Mark Married couple Joanna and Mark rent a flat

Joanna End to End Acquisition (Mortgage) and Mark Married couple Joanna and Mark rent a flat in Edinburgh. Theyre keen to take the first step in becoming homeowners. Joanna and Mark Married couple Joanna and Mark rent a flat in

731 views • 7 slides
Introduction to Blockchain www.magrathealabs.com source: Scott Adams' Dilbert source: Gartner

Introduction to Blockchain www.magrathealabs.com source: Scott Adams' Dilbert source: Gartner

Diogo Trentini e Lauro Gripa Neto Introduction to Blockchain www.magrathealabs.com source: Scott Adams' Dilbert source: Gartner Inc. SUMMARY 1. Introduction 2. Theoretical concepts 3. Applications 4. Challenges 5. Conclusions Whats a

664 views • 41 slides
HwgPay Beyond The Digital Payment HwgPay Account Registration HwgPay Account Registration

HwgPay Beyond The Digital Payment HwgPay Account Registration HwgPay Account Registration

HwgPay Beyond The Digital Payment HwgPay Account Registration HwgPay Account Registration (Coming soon on July) Step 1 : Get Wallet Login to Android Play Store or Apple App Store to download. HwgPay Account Registration Step 2 :

1.35k views • 64 slides
June 20, 2018 o e c d - o p s i . o r g @ O P S I g o v o p s i @ o e c d . o r g OPSI is a

June 20, 2018 o e c d - o p s i . o r g @ O P S I g o v o p s i @ o e c d . o r g OPSI is a

Blockchain and its Use in the Public Sector June 20, 2018 o e c d - o p s i . o r g @ O P S I g o v o p s i @ o e c d . o r g OPSI is a forum for shared lessons and insights into the practice of innovation in government. Since 2014, it has

544 views • 26 slides
Digital Watermarking Presented by Melinos Averkiou History 1282 Paper Watermarks 1779

Digital Watermarking Presented by Melinos Averkiou History 1282 Paper Watermarks 1779

Digital Watermarking Presented by Melinos Averkiou History 1282 Paper Watermarks 1779 Counterfeiting 1954 Watermarking music 1988 First use of the term Digital Watermark End of 1990s large interest in

725 views • 31 slides
t trr tt s

t trr tt s

t trr tt s t tt P ss s Ptr r t

564 views • 37 slides
A Model for I mage Splicing Tian-Tsong Ng, Shih-Fu Chang Department of Electrical Engineering

A Model for I mage Splicing Tian-Tsong Ng, Shih-Fu Chang Department of Electrical Engineering

A Model for I mage Splicing Tian-Tsong Ng, Shih-Fu Chang Department of Electrical Engineering Columbia University, New York, USA Outline Review Problem and Motivation Our Approach Definition: Bicoherence Why Bicoherence

339 views • 29 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides

More recommend