The Community for Technology Leaders
Dependable, Autonomic and Secure Computing, IEEE International Symposium on (2007)
Columbia, Maryland
Sept. 25, 2007 to Sept. 26, 2007
ISBN: 0-7695-2985-2
pp: 134-144
Lin Tan , University of Illinois at Urbana-Champaign, USA
Ellick M. Chan , University of Illinois at Urbana-Champaign, USA
Reza Farivar , University of Illinois at Urbana-Champaign, USA
Nevedita Mallick , University of Illinois at Urbana-Champaign, USA
Jeffrey C. Carlyle , University of Illinois at Urbana-Champaign, USA
Francis M. David , University of Illinois at Urbana-Champaign, USA
Roy H. Campbell , University of Illinois at Urbana-Champaign, USA
ABSTRACT
The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal Virtual Machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. <p>We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the Virtual Machine Monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.</p>
INDEX TERMS
null
CITATION

R. H. Campbell et al., "iKernel: Isolating Buggy and Malicious Device Drivers Using Hardware Virtualization Support," 2007 IEEE International Symposium on Dependable, Autonomic and Secure Computing(DASC), Columbia, MD, 2007, pp. 134-144.
doi:10.1109/DASC.2007.16
84 ms
(Ver 3.3 (11022016))