Embedded virtualization for the design of secure IoT applications

  title={Embedded virtualization for the design of secure IoT applications},
  author={Carlos Roberto Moratelli and Sergio Johann Filho and Marcelo Veiga Neves and Fabiano Hessel},
  journal={2016 International Symposium on Rapid System Prototyping (RSP)},
Embedded virtualization has emerged as a valuable way to reduce costs, improve software quality, and decrease design time. Additionally, virtualization can enforce the overall system’s security from several perspectives. One is security due to separation, where the hypervisor ensures that one domain does not compromise the execution of other domains. At the same time, the advances in the development of IoT applications opened discussions about the security flaws that were introduced by IoT… 

Figures from this paper

Secure and Dynamic Memory Management Architecture for Virtualization Technologies in IoT Devices

This article proposes the adaptation of ASMI (Architectural Support for Memory Isolation—a general architecture available in the literature for the improvement of the performance and security of virtualization technology) on the popular MIPS (Microprocessor without Interlocked Pipeline Stages) embedded virtualization platform, which could be adopted in embeddedvirtualization architectures for IoT devices.

Lightweight Security Architecture Based on Embedded Virtualization and Trust Mechanisms for IoT Edge Devices

This article defines a security architecture that integrates trust mechanisms with embedded virtualization, providing security from hardware to applications, and shows that the proposed architecture can be implemented with a smaller overhead and memory footprint compared to other proposed approaches in the literature.

A lightweight virtualization model to enable edge computing in deeply embedded systems

The Hellfire hypervisor is presented, a lightweight virtualization implementation that enables separation and improves security in IoT applications on DES and has a small footprint while keeping a low average virtualization overhead.

ACRN: a big little hypervisor for IoT development

ACRN is presented, a flexible, lightweight, scalable, and open source embedded hypervisor for IoT development that presents a consolidated system satisfying real-time and general-purpose needs simultaneously and adopting customer-friendly permissive BSD license provides a practical industry-grade solution with immediate readiness.

A Flexible FPGA-Assisted Framework for Remote Attestation of Internet Connected Embedded Devices

This thesis presents an FPGA-assisted framework for remote attestation, a security service that allows a remote device to prove to a verifying entity that it can be trusted i.e. that it has not been “hacked”.

Design and Implementation of an Interworking IoT Platform and Marketplace in Cloud of Things

This paper designs and implements a cloud-centric IoT platform that serves a purpose for registration and initialization of virtual objects so that technology tinkerers can consume them via the IoT marketplace and integrate them to build IoT applications.

μRTZvisor: A secure and safe real-time hypervisor

Virtualization has been deployed as a key enabling technology for coping with the ever growing complexity and heterogeneity of modern computing systems. However, on its own, classical virtualization

Hardware-assisted Machine Learning in Resource-constrained IoT Environments for Security: Review and Future Prospective

This work investigates into machine learning (ML) and deep learning (DL) methodologies for IoT device security and examines the benefits, drawbacks, and potential.



Exploring Container Virtualization in IoT Clouds

This paper explores the container-based virtualization on smart objects in the perspective of a IoT Cloud scenarios analyzing its advantages and performances.

Security of IoT systems: Design challenges and opportunities

A brief survey of IoT challenges and opportunities with an emphasis on security issues and several case studies that advocate the use of stable PUFs and digital PPUFs for several IoT security protocols are presented.

Internet of things (IoT) security: Current status, challenges and prospective measures

An overview of security principles, technological and security challenges, proposed countermeasures, and the future directions for securing the IoT is presented.

Security and privacy threats in IoT architectures

The strong view is that the IoT will be an important part of the global huge ICT infrastructure ("future Internet") humanity will be strongly relying on in the future with relatively few data centers connected to trillions of sensors and other "things" over gateways, various access networks and a global network connecting them.

A hypervisor approach with real-time support to the MIPS M5150 processor

This work presents a hypervisor implementation approach with real-time support to the MIPS M5150 processor which supports hardware-assisted virtualization, and shows that the implementation allows full-virtualization and communication among virtual machines with minimal overhead while providing strong spatial and temporal isolation between virtual machines.

Hardware-assisted interrupt delivery optimization for virtualized embedded platforms

An interrupt policy for an embedded hypervisor using hardware-assisted virtualization is proposed and experimental results show that the interrupt delivery jitter on virtualized systems is close to non-virtualized when the proposed approach is used.

MultiPARTES: Multicore Virtualization for Mixed-Criticality Systems

The MultiPARTES FP7 project aims at supporting mixed-criticality integration for embedded systems based on virtualization techniques for heterogeneous multicore processors by incorporating mechanisms that establish multiple partitions with strict temporal and spatial separation between the individual partitions.

A Hypervisor for MIPS-Based Architecture Processors - A Case Study in Loongson Processors

  • R. ZhouZhu Ai Kuan-Ching Li
  • Computer Science
    2013 IEEE 10th International Conference on High Performance Computing and Communications & 2013 IEEE International Conference on Embedded and Ubiquitous Computing
  • 2013
The M-Hyper visor discussed in this paper is a real-time hyper visor designed for MIPS architecture and implemented in Loongson2F processor, based on the management program of para-virtualization whilst multiple partitions are scheduled to execute according to their priorities.

Embedded Hypervisor Xvisor: A Comparative Analysis

Experimental results on ARM architecture prove Xvisor's lower CPU overhead, higher memory bandwidth, lower lock synchronization latency and lower virtual timer interrupt overhead and thus overall enhanced virtualized embedded system performance.

NV-CFS: NVRAM-Assisted Scheduling Optimization for Virtualized Mobile Systems

  • Dan ZhangDuo LiuLiang LiangLei YaoKan ZhongZ. Shao
  • Computer Science
    2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems
  • 2015
NV-CFS, an user-centric virtual machine scheduler built for the ARM/KVM hypervisor, is proposed, which can improve the performance of mobile virtualization with NVRAM/DRAM hybrid main memory, and significantly reduce the task deadline miss ratio when compared to the traditional scheduling algorithm.