Virtualization technology is nowadays adopted in security-critical embedded systems to achieve higher performance and more design flexibility. However, it also comes with new security threats, where attackers leverage timing covert channels to exfiltrate sensitive information from a partition using a trojan. This paper presents a novel approach for the experimental assessment of timing covert channels in embedded hypervisors, with a case study on security assessment of a commercial hypervisor product (Wind River VxWorks MILS), in cooperation with a licensed laboratory for the Common Criteria security certification. Our experimental analysis shows that it is indeed possible to establish a timing covert channel, and that the approach is useful for system designers for assessing that their configuration is robust against this kind of information leakage.
翻译:虚拟化技术目前被采用在安全临界嵌入系统中,以达到更高的性能和更大的设计灵活性,但也伴随着新的安全威胁,攻击者利用时间隐蔽渠道利用特洛伊木马从隔开处渗出敏感信息。本文介绍了对嵌入超视仪中的时间隐蔽渠道进行实验性评估的新办法,同时与获得许可证的通用标准安全认证实验室(Wind River VxWorks MILS)合作,对商业超视镜产品(Wind River VxWorks MILS)进行安全评估的案例研究。我们的实验分析表明,确实有可能建立一个时间隐蔽渠道,而且该方法对于系统设计者评估其配置是否稳健应对这种信息泄漏有用。
相关内容
微信扫码咨询专知VIP会员