2011 10-19
Published in: Education, Technology
  • http://en.wikipedia.org/wiki/Memory_management_unit
  • http://en.wikipedia.org/wiki/CPU_cache
  • Transcript

    • 1. Features for Secure Mobile Devices
      – Low-overhead system virtualization
      – Separation of guest domains
      – Hot plug-in/-out of guest domains
      – Secure boot
      – Secure storage
      – Access control
    • 2. Issues in virtualization
      – Efficiency is a major concern in embedded virtualization.
      – The paravirtualization approach is more efficient than full virtualization because the expensive translation of guest instructions is not necessary.
      – The ARM CPU has only one unprivileged mode.
    • 3. Architecture
    • 4. CPU Virtualization
      Physically there are two privilege modes (User mode and Supervisor mode) in the ARM CPU. However:
      – Supervisor mode is assigned to Xen mode.
      – User mode is split into two logical modes (the kernel and the user processes of Linux).
      – Address space protection between kernel mode and user process mode is guaranteed by the ARM domain access control mechanism.
    • 5. CPU Virtualization: logical mode split (diagram of User Mode, Kernel Mode and Xen Mode)
    • 6. CPU Virtualization: Exception Handling
      – Para-virtualization of system calls.
        ○ System calls are implemented with a software interrupt.
        ○ In Xen on ARM, system calls are intercepted by Xen, because the software interrupt enters Supervisor mode, which belongs to Xen.
    • 7. Memory Virtualization: Isolation requirements
      – The VMM memory region must be protected from the guest OS kernel and user processes.
      – Guest OS kernel memory must be protected from user processes.
      – User process memory must be protected from other processes.
      – Every virtual machine must be isolated from every other one.
    • 8. Memory Virtualization
      With the paging mechanism we can protect Xen memory from the guest OS and user processes. How about isolation between the guest OS and user processes? They both run in the same (unprivileged) user mode.
    • 9. Memory Virtualization: Address Space Isolation
      – Simply separating the address spaces of applications and the OS kernel would lead to significant cache/TLB flushing overheads, since the ARM v4/v5 architecture has a virtually indexed, virtually tagged (VIVT) cache and Translation Look-aside Buffer (TLB) entries are not tagged with an address space ID.*
      * ARM11 has a virtually indexed, physically tagged (VIPT) cache and MPCore has a physically indexed, physically tagged (PIPT) cache.
    • 10. Memory Virtualization: CPU Cache (diagrams of the PIPT, VIVT, VIPT and PIVT cache organisations: CPU, TLB, cache and DRAM, with the cache placed before or after the TLB; virtual address 32 bits, physical address 26 bits)
    • 11. Memory Virtualization: Memory Map
      – Xen and the guest domain (kernel + user process) are mapped into the same virtual address space:
        0xFF000000 – 0xFFFFFFFF  Xen
        0xC0000000 – 0xFEFFFFFF  Kernel
        0x00000000 – 0xC0000000  User space (guest domain)
    • 12. Memory Virtualization
      – The conventional MMU-based paging mechanism cannot protect the OS kernel from applications when both run in the same user mode.
      – Domain Access Control is used to prevent a user process from accessing the address space of the kernel while the ARM CPU is in user mode (CP15 c3, the Domain Access Control Register).
    • 13. Memory Virtualization
      The fields D15–D0 in the register define the access permissions for each of the 16 domains. These domains can be sections, large pages, or small pages of memory:
        Access      Bit field  Comment
        No access   b00        Any access generates a domain fault
        Client      b01        Accesses are checked against the AP flag setting of the page table entry
        Reserved    b10        Any access generates a domain fault
        Manager     b11        Accesses are not checked against the access permission bits in the TLB entry, so a permission fault cannot be generated
    • 14. Memory Virtualization
      Domain assignment: VMM mode → D0, Kernel mode → D1, User process mode → D2. DACR setting in each mode:
        Mode               D0         D1         D2
        VMM                Client     Client     Client
        Kernel             Client     Client     Client
        User process       No access  No access  Client
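Slides 11 to 14 describe the mechanism in prose and tables; as an added example (not from the slides or the Xen on ARM code), this C model encodes the per-mode DACR values from slide 14 and runs the hardware's domain-then-AP check against the slide 11 address map. The AP-bit assignment (Xen pages privileged-only, kernel and user pages accessible from CPU user mode) is an assumption of the example.

```c
/* Added example, not part of the slides: a model of the ARM domain access
 * check that Xen on ARM uses to separate the guest kernel from user processes
 * while both run in the CPU's one unprivileged mode. Domains D0/D1/D2 and the
 * mode matrix follow slide 14, the address ranges slide 11; the AP-bit model
 * (Xen pages privileged-only, all other pages user-accessible) is assumed. */
#include <stdint.h>
#include <stdio.h>

enum { DACR_NOACCESS = 0, DACR_CLIENT = 1, DACR_RESERVED = 2, DACR_MANAGER = 3 };
enum { DOM_XEN = 0, DOM_KERNEL = 1, DOM_USER = 2 };
enum { MODE_XEN = 0, MODE_KERNEL = 1, MODE_USER = 2 };
enum { ACCESS_OK = 0, FAULT_DOMAIN = 1, FAULT_PERMISSION = 2 };

/* Each domain owns two bits of the DACR (CP15 c3): bits 2d+1 and 2d. */
static uint32_t dacr_set(uint32_t dacr, int d, uint32_t perm) {
    return (dacr & ~(3u << (2 * d))) | ((perm & 3u) << (2 * d));
}
static uint32_t dacr_get(uint32_t dacr, int d) { return (dacr >> (2 * d)) & 3u; }

/* DACR value Xen loads on entry to each logical mode (matrix on slide 14). */
uint32_t dacr_for_mode(int mode) {
    uint32_t v = 0;
    v = dacr_set(v, DOM_XEN,    mode == MODE_USER ? DACR_NOACCESS : DACR_CLIENT);
    v = dacr_set(v, DOM_KERNEL, mode == MODE_USER ? DACR_NOACCESS : DACR_CLIENT);
    return dacr_set(v, DOM_USER, DACR_CLIENT);
}

/* Slide 11 memory map: Xen from 0xFF000000, kernel from 0xC0000000, user below. */
int domain_of(uint32_t va) {
    if (va >= 0xFF000000u) return DOM_XEN;
    if (va >= 0xC0000000u) return DOM_KERNEL;
    return DOM_USER;
}

/* Hardware order: DACR field first, then the page's AP bits. Kernel and user
 * modes are both CPU user mode, so AP bits alone cannot tell them apart; the
 * "No access" fields in the user-mode DACR are what keep kernel pages out. */
int check_access(int mode, uint32_t va) {
    int d = domain_of(va);
    switch (dacr_get(dacr_for_mode(mode), d)) {
    case DACR_MANAGER: return ACCESS_OK;                  /* AP bits not checked */
    case DACR_CLIENT:  return (mode == MODE_XEN || d != DOM_XEN) ? ACCESS_OK : FAULT_PERMISSION;
    default:           return FAULT_DOMAIN;               /* No access or Reserved */
    }
}

int main(void) {                  /* 0 = ok, 1 = domain fault, 2 = permission fault */
    const uint32_t probe[] = { 0x00010000u, 0xC0100000u, 0xFF000100u };
    for (int m = MODE_XEN; m <= MODE_USER; m++)
        for (int i = 0; i < 3; i++)
            printf("mode %d -> 0x%08X: %d\n", m, (unsigned)probe[i], check_access(m, probe[i]));
    return 0;
}
```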
    • 15. Memory Virtualization
      Keep the Xen address translation info from being flushed.
      – After page table changes (domain/process switching), TLB entries are flushed explicitly.
      – The TLB lockdown mechanism provided by the processor can be used to avoid flushing and reloading those entries.
      – Two lockdown TLB entries are used for Xen pages.
        ○ ARM926 provides 8 lockdown TLB entries.
    • 16. Memory Virtualization Benchmark
    • 17. System Boot Procedure
      Xen and the dom 0 kernel image are loaded at predefined memory locations.
      Hardware initialization → Load kernel image for Dom 0 → Load and jump to Xen image → Initialize system resources (Timer, UART, Memory, IRQ) → Create Dom 0 → Execute Dom 0 → Create / load guest domains
    • 18. System Boot Procedure
      NOR flash partitions for Dom 0: Partition 0 = Xen, Partition 1 = Kernel Image, Partition 2 = File System.
      Load addresses (virtual space address) on the I.MX21 platform: Xen 0xC0008000, Dom 0 0xC1C00000.
    • 19. VM Create / Destroy
      Guest domains (dom U) are created and destroyed by a user-level application, dom0_util.
      – dom0_util supports only the create and destroy functions.
      Control flow: dom0_util (control guest domain) → Domain control driver (requests Xen to create and execute / destroy the dom U kernel; this driver loads the kernel image) → Xen (creates and executes dom U / destroys dom U).
    • 20. VM Create / Destroy
      NAND flash partitions for Dom 1: Partition 0 = Kernel Image, Partition 1 = File System.
      Load address (virtual space address) on the I.MX21 platform: 0xc3c00000.
    • 21. Experiment
      – Host OS: Ubuntu 10.04
      – Emulator: Goldfish emulator platform (QEMU 0.82 based Android emulator)
      – Guest OS: mini-OS (used to test whether Xen works)
      – Supported OS: uC/OS-II
    • 22. Experiment Screenshot
