
Research Project Title: Isolation Using Virtualization on Mobile Devices
Principal Investigators: Roy H. Campbell
Unit # 34
Project Overview
Increased computing power and enhanced networking capability have turned mobile phones from pure communication devices into platforms that integrate communication, computation and control. As a result, such devices are increasingly targets for malicious attacks, and many of these attacks are made worse by the complexity of the system itself. For example, a modern phone contains a mix of critical infrastructure code that controls the radio, special Digital Rights Management (DRM) code for protected media, phone-related applications and drivers, and third-party software that may be neither secure nor trusted. Phones are currently susceptible to security problems because the contemporary mechanisms used to define protection domains between mutually untrusting entities are insufficient. Ideally, a secure phone architecture would isolate the following systems from one another: the software stack for radio control, the DRM code, and the OS that runs user applications.
An example of the problem is the use of DRM on systems such as Linux. The DRM software runs inside the kernel, so it is exposed to any kernel-level access, for example from a loadable kernel module. Aside from DRM, other sensitive code is also loaded into the kernel to support functionality such as virtual private networks (VPNs) and other business and productivity applications. A compromise of the kernel can therefore expose many of these secrets at once.
To mitigate such problems, strongly isolated protection domains are necessary. The structure imposed by explicit inter-domain communication prevents the encapsulation violations to which current monolithic-kernel-based security systems are susceptible. In the case of the mobile phone, the DRM code, the critical system services, and the OS kernel must reside in different domains so that untrusted code is isolated from them.
Isolation also helps to provide protection from licensing restrictions, especially those that arise from running proprietary and GPL code on the same hardware. From our discussions with Motorola, we have identified that engineering software architectures to avoid licensing problems presents a serious problem for engineers. Isolating proprietary code in separate domains may help avoid legal issues with licensing.
We will investigate the use of virtualization to realize these protection domains as virtual machines (VMs), providing high levels of security and reliability. The virtual machine monitor (VMM), or hypervisor, manages the VMs and controls the security of the system by enforcing interaction policies between them. This research has two main objectives. The first is to design, build and evaluate a virtualization solution suitable for mobile devices. The second is to design and build high-performance secure communication channels between VMs.