Securing DMA through virtualization
2012 (English). In: 2012 IEEE Workshop on Complexity in Engineering, 2012, 118-123 p. Conference paper (Refereed)
We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and that we have also implemented, are based purely on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized by means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds. The solution was designed with a focus on security, and the abstract concept of the approach was formally verified.
Place, publisher, year, edition, pages
2012. 118-123 p.
Identifiers: URN: urn:nbn:se:kth:diva-112887; DOI: 10.1109/CompEng.2012.6242958; ScopusID: 2-s2.0-84866553727; OAI: oai:DiVA.org:kth-112887; DiVA: diva2:587518
2nd IEEE Workshop on Complexity in Engineering, COMPENG 2012; Aachen
Funder: ICT - The Next Generation
QC 20130115. 2013-01-14; 2013-01-14; 2016-09-12. Bibliographically approved