Pocket Hypervisors: Opportunities and Challenges - PowerPoint PPT Presentation

About This Presentation
Title:

Pocket Hypervisors: Opportunities and Challenges

Description:

Title: Slide 1 Author: Landon Cox Last modified by: Landon Cox Created Date: 10/26/2005 1:23:21 PM Document presentation format: On-screen Show (4:3) – PowerPoint PPT presentation

Number of Views:78
Avg rating:3.0/5.0
Slides: 20
Provided by: Lando8
Category:

less

Transcript and Presenter's Notes

Title: Pocket Hypervisors: Opportunities and Challenges


1
Pocket HypervisorsOpportunities and Challenges
  • Peter Chen
  • University of Michigan

Landon Cox Duke University
2
Conventional organization
Process
Process
Process
Operating System
3
Hypervisor organization
Process
Process
Encapsulation Mediation Isolation
Guest OS
Guest OS
Hypervisor
4
Recent interest in hypervisors
  • Lots of papers/companies the past five years
  • Xen, VMware, ReVirt, Potemkin, etc.
  • On mobile devices? Not so much.
  • Some uses of encapsulation (ISR, SoulPad)
  • No uses of mediation or isolation
  • Why? Hypervisors have been considered impractical
  • Insufficient hardware support
  • Prohibitive performance overhead

5
Pocket hypervisors are practical and useful.
Hardware support Privilege modes MMU Moores Law
Security
Opportunistic services
6
Securing commodity devices
  • With PC functions come PC problems
  • Mobile malware already exists (Cabir, Skulls)
  • BlueTooth exploits (BlueBug, SNARF)
  • Poses new kinds of threats
  • Conversation eavesdropping
  • Location privacy compromises
  • Gain access to telecom resources
  • trifinite.org, bluestumbler.org

7
Simple example attack Skulls
Mobile Anti-virus
Camera
Address book
Flash player
Blue Tooth services
OS
On reboot, phone can only make and receive calls.
8
Partition device functionality
Mobile Anti-virus
Blue Tooth services
Flash player
Blue Tooth services
Camera
Core Guest OS
3rd party Guest OS
Pocket Hypervisor
Isolate core services from untrusted
apps. Age-old challenge how to still allow
sharing? Shared file space? Explicit message
passing?
9
Example attack BlueBug
Mobile Anti-virus
Camera
Address book
Blue Tooth services
OS
Remote access to SIM card, can issue AT
commands. (attacker can read contacts, make
calls, send SMS)
10
Security services
Mobile Anti-virus
Camera
App
App
Blue Tooth services
Core Guest OS
3rd party Guest OS
Pocket Hypervisor
Security services
Difficult to stop this attack (cant force BT to
properly authenticate) Hypervisor can still
provide secure logging, profiling services Key
challenge how to expose and log guest state
efficiently
11
Pocket hypervisors are practical and useful.
Hardware support
Security
Opportunistic services
12
Sensor networks
  • Expose information about environment
  • Light, pressure, temperature readings
  • Expands vantage point of owner
  • Hundreds of observation points
  • Streamed/aggregated to central location
  • Mote price-performance ratio
  • Cheap nodes allow large deployments
  • (cover large area, overcome failures)
  • Powerful nodes allow complex applications

13
Mobile phones as sensors
  • Expose information about environment
  • Network events, MAC addresses, ESSIDs
  • Expands vantage point of owner
  • Hundreds of observation points
  • Streamed/aggregated to central location
  • Phone price-performance ratio
  • Cheap nodes allow large deployments
  • (cover large area, overcome mobility)
  • Powerful nodes allow complex applications

14
Opportunistic services
  • COPSE (new project at Duke)
  • Concurrent opportunistic sensor environment
  • A thicket of small trees cut for economic
    purposes.
  • Allow execution of untrusted service instances
  • Enables mobile testbeds, opportunistic sensor
    nets
  • Hypervisor ensures isolation (performance,
    energy)
  • Key tension
  • Encourage volunteers to participate
  • Support useful services

15
Internet
What are the disincentives to participate?
16
Example disincentive
Duke Franc Home
Adversaries shouldnt be able to upload location
trackers.
Duke Franc Home
17
Location privacy
  • Could enforce execution regions
  • Only execute guests within a physical region
  • Requires access to a location service
  • Could scrub MAC addresses
  • Hypervisor manages device namespace
  • Translate names between VM and network

18
Node One (N1)
Node Two (N2)
App
App
App
App
Guest OS
Guest OS
Guest OS
Guest OS
N2 0030650D1161
N2 0030650D1161
N1 001321B794B9
N1 001321B794B9
VDriver
VDriver
VDriver
VDriver
Hypervisor
Hypervisor
000C294EF41C ? 0030650D1161
0018DE2CA38A ? 001321B794B9
Machine Driver
Machine Driver
Wireless NIC
Wireless NIC
0018DE2CA38A
000C294EF41C
19
Conclusions
  • Pocket hypervisors are practical and useful
  • Practicality
  • Commodity devices support for virtualization
  • Devices resources are becoming more plentiful
  • Usefulness
  • Device security
  • Opportunistic services
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Pocket Hypervisors: Opportunities and Challenges" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!