Mobile devices and embedded systems have become ubiquitous in our society. Such systems use ARM processors, which differ greatly from the traditional x86 processors found in larger computing devices. As devices become smaller, there is a growing demand for virtualization, which provides benefits such as energy efficiency and the ability to use the device in multiple operational modes. Virtualization is especially important in the context of system security as many security mechanisms leverage virtualization as a core technology for fault containment and isolation, intrusion detection, malware analysis, and the detection, diagnosis, and remediation of software vulnerabilities. To address the challenges of ARM virtualization, this project designs, implements, and deploys KVM/ARM, an open-source ARM hypervisor in the Linux operating system. Since the traditional x86 architecture is vastly different from ARM, past work on x86 hardware support for virtualization cannot be carried over to ARM. In addition, ARM processors vary greatly since each licensee of the ARM technology adapts and changes the systems software to meet their needs. Successfully creating an ARM hypervisor that is adaptable across a range of ARM implementations offers rich opportunities for incorporating security into the hardware itself. Adopting this research into mainline Linux code ensures that capability is broadly available on a supported foundation for system security research.
TWC: TTP Option: Small: A Linux ARM Hypervisor for System Security