IKernel: Isolating buggy and malicious device drivers using hardware virtualization support

Tan Lin; Ellick M. Chan; Reza Farivar; Nevedita Mallick; Jeffrey C. Carlyle; Francis M. David; Roy H. Campbell

doi:10.1109/ISDASC.2007.4351398

IKernel: Isolating buggy and malicious device drivers using hardware virtualization support

Tan Lin, Ellick M. Chan, Reza Farivar, Nevedita Mallick, Jeffrey C. Carlyle, Francis M. David, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.

Original language	English (US)
Title of host publication	Proceedings - DASC 2007
Subtitle of host publication	Third IEEE International Symposium on Dependable, Autonomic and Secure Computing
Pages	134-142
Number of pages	9
DOIs	https://doi.org/10.1109/ISDASC.2007.4351398
State	Published - 2007
Event	DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing - Columbia, MD, United States Duration: Sep 25 2007 → Sep 26 2007

Publication series

Name	Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing

Other

Other	DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing
Country/Territory	United States
City	Columbia, MD
Period	9/25/07 → 9/26/07

ASJC Scopus subject areas

General Computer Science
Electrical and Electronic Engineering

Online availability

10.1109/ISDASC.2007.4351398

Library availability

Discover UIUC Full Text

Cite this

Lin, T., Chan, E. M., Farivar, R., Mallick, N., Carlyle, J. C., David, F. M., & Campbell, R. H. (2007). IKernel: Isolating buggy and malicious device drivers using hardware virtualization support. In Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing (pp. 134-142). Article 4351398 (Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing). https://doi.org/10.1109/ISDASC.2007.4351398

IKernel: Isolating buggy and malicious device drivers using hardware virtualization support. / Lin, Tan; Chan, Ellick M.; Farivar, Reza et al.
Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing. 2007. p. 134-142 4351398 (Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lin, T, Chan, EM, Farivar, R, Mallick, N, Carlyle, JC, David, FM & Campbell, RH 2007, IKernel: Isolating buggy and malicious device drivers using hardware virtualization support. in Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing., 4351398, Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp. 134-142, DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing, Columbia, MD, United States, 9/25/07. https://doi.org/10.1109/ISDASC.2007.4351398

Lin T, Chan EM, Farivar R, Mallick N, Carlyle JC, David FM et al. IKernel: Isolating buggy and malicious device drivers using hardware virtualization support. In Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing. 2007. p. 134-142. 4351398. (Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing). doi: 10.1109/ISDASC.2007.4351398

Lin, Tan ; Chan, Ellick M. ; Farivar, Reza et al. / IKernel : Isolating buggy and malicious device drivers using hardware virtualization support. Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing. 2007. pp. 134-142 (Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing).

@inproceedings{5ab2d725c2ca4706b7a54ad5769d3f0b,

title = "IKernel: Isolating buggy and malicious device drivers using hardware virtualization support",

abstract = "The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.",

author = "Tan Lin and Chan, {Ellick M.} and Reza Farivar and Nevedita Mallick and Carlyle, {Jeffrey C.} and David, {Francis M.} and Campbell, {Roy H.}",

year = "2007",

doi = "10.1109/ISDASC.2007.4351398",

language = "English (US)",

isbn = "0769529852",

series = "Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing",

pages = "134--142",

booktitle = "Proceedings - DASC 2007",

note = "DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing ; Conference date: 25-09-2007 Through 26-09-2007",

}

TY - GEN

T1 - IKernel

T2 - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing

AU - Lin, Tan

AU - Chan, Ellick M.

AU - Farivar, Reza

AU - Mallick, Nevedita

AU - Carlyle, Jeffrey C.

AU - David, Francis M.

AU - Campbell, Roy H.

PY - 2007

Y1 - 2007

N2 - The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.

AB - The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.

UR - http://www.scopus.com/inward/record.url?scp=38049016361&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=38049016361&partnerID=8YFLogxK

U2 - 10.1109/ISDASC.2007.4351398

DO - 10.1109/ISDASC.2007.4351398

M3 - Conference contribution

AN - SCOPUS:38049016361

SN - 0769529852

SN - 9780769529851

T3 - Proceedings - DASC 2007: Third IEEE International Symposium on Dependable, Autonomic and Secure Computing

SP - 134

EP - 142

BT - Proceedings - DASC 2007

Y2 - 25 September 2007 through 26 September 2007

ER -

IKernel: Isolating buggy and malicious device drivers using hardware virtualization support

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this