Bok-deuk Jeong

Fine-grained I/O access control of the mobile devices based on the Xen architecture

System virtualization is now available for mobile devices allowing for many advantages. Two of the major benefits from virtualization are system fault isolation and security. The isolated driver domain (IDD) model, a widely adopted architecture, enables strong system fault isolation by limiting the impact of driver faults to the driver domain itself. However, excessive I/O requests from a malicious domain to an IDD can cause CPU overuse of the IDD and performance degradation of applications in the IDD and other domains that share the same I/O device with the malicious do-main. If the IDD model is applied to mobile devices, this failure of performance isolation could also lead to battery drain, and thus it introduces a new severe threat to mobile devices. In order to solve this problem, we propose a fine-grained I/O access control mechanism in an IDD. Requests from guest domains are managed by an accounting module in terms of CPU usage, with the calcula-tion of estimated CPU consumption using regression equations. The requests are scheduled by an I/O access control enforcer ac-cording to security policies. As a result, our mechanism provides precise control on the CPU usage of a guest domain due to I/O device access, and prevents malicious guest domains from CPU overuse, performance degradation, and battery drain. We have implemented a prototype of our approach considering both network and storage devices with a real smart phone (SGH-i780) that runs two para-virtualized Linux kernels on top of Secure Xen on ARM. The evaluation shows our approach effectively protects a smart phone against excessive I/O attacks and guarantees availability.

Seamless windowing for a future CE device running multiple operating systems

This paper presents a seamless windowing architecture for a virtualized CE device on which operating systems run simultaneously. Our approach allows users to run applications on multiple software platforms as if on a single platform.

A Virtual Window System for CE Devices Based on System Virtualization

Owing to the benefits of system virtualization, even CE devices have come to take advantage of the technology. However, due to the lack of windowing system which fits virtualization-based CE devices, it is not only inefficient but also difficult for end users to utilize the CE devices running multiple domains. In this paper we present an effective virtual window system for CE devices based on system virtualization. Our approach has three major advantages: (1) by modifying X window system, it provides shared windowing services between domains without dependency of a specific network protocol; (2) by providing a unified graphical user interface which integrates icons of all the applications from every domain, it frees users from remembering which applications are located in which domain and from doing tedious operations for application launching and installation; (3) it provides efficiency in terms of size (storage and memory) and performance to CE devices. We have implemented a prototype of the virtual window system on the basis of Secure Xen on ARM. Our evaluation shows that our approach is usable and efficient enough to be practically adopted for CE devices based on system virtualization.