High Assurance Virtualization Engine (HAVEN)
This FPGA-based virtualization engine addresses the reliability, performance, and security limitations of current software-based virtualization technologies.
Virtualization technology has been around since the late 1960s. Initially, it was conceived to maximize utilization of expensive hardware by running multiple instances of an operating system (OS) using virtual machines (VM). In the past decade, virtualization has become popular due to its cost and space-saving advantages.
Virtualization consolidates underutilized servers and workstations while maintaining isolation. For software developers, virtualization provides an environment to develop, test, and debug system software such as kernel and device drivers. Traditionally, separate computers were required to develop and test system software. Virtualization also allows developers to test the reliability of an application by simulating hardware bottlenecks and failures.
- Increased reliability via a hardwareassisted virtual I/O subsystem for each VM.
- Improved performance by minimizing context switches back to the controller VM and by using a hardware virtual I/O manager.
- Improved security by protecting storage and communication channels using FPGA assisted encryption and authentication. The high assurance virtualization platform will enable:
- Use of virtualization in mission-critical and high-assurance applications.
- High-assurance/high-performance computing platform that provides application- level compartmentalization.
There are two main parts to HAVEN: a Secure Virtual I/O Manager (SIM) and a Secure Memory Manager (SMM). The SIM implements a virtual PCI controller along with multiple virtual Network Interface Cards (NICs) in conjunction with independent data buffers on a single FPGA. The CPU sees multiple NICs even though there is only one true physical card. The SMM registers a memory range with the CPU and ensures that all memory managed by the SMM is encrypted and only decrypted when it is moved to the CPU cache.
This work was done by Ramesh Karri, Nasir Memon, Vikram Padman, and Pratik Mathur of the Polytechnic Institute of NYU for the Air Force Research Laboratory. For more information, download the Technical Support Package (free white paper) at www.defensetechbriefs.com/tsp under the Electronics/Computers category. AFRL-0142
This Brief includes a Technical Support Package (TSP).
High Assurance Virtualization Engine (HAVEN)
(reference AFRL-0142) is currently available for download from the TSP library.
Don't have an account?
More From SAE Media Group
Embedded Technology
Using Virtualization to Secure Mobile Device Designs
Aerospace & Defense Tech Briefs
Deterministic and Modular Architecture for Embedded Vehicle Systems
Embedded Technology
Multicore Tools for Embedded Systems — Staying Ahead of the Game —
Aerospace & Defense Tech Briefs
Evaluating Key Certification Aspects of Multicore Platforms for Safety Critical Avionics Applications
Aerospace & Defense Tech Briefs
Testbed for Reconfigurable Network Security Research and Experimentation
Aerospace & Defense Tech Briefs
The Future of Managing Mission-Critical Systems
Aerospace & Defense Tech Briefs
Self-Aware Computing
Aerospace & Defense Tech Briefs
Multicore RTOS
Embedded Technology
Multicores Affect Algorithm Choices
Automotive Engineering
Closing Gap to Leverage Enhanced Computational Power for SDV Advancement
Embedded Technology
Multicore Processing: A Technological Dead End?
Embedded Technology
Using CompactPCI to Build Rugged Embedded Systems
Embedded Technology INSIDER
Visualization Tools Aid Multi-core Development
Aerospace & Defense Tech Briefs
Using High-Performance Computing Clusters to Support Fine-Grained Parallel Applications
Embedded Technology
Virtual Machine Manager
Embedded Technology
Managing a Network of Self-Encrypting Hard Drives
Embedded Technology
Implementing Rack-Level I/O Consolidation
Embedded Technology
Cloud Computing: What Are the Networking Implications?
Tech Briefs
Desktop Computer System Processes Satellite Data
Automotive Engineering
StreetDrone Proposes Top 10 Safety Rules for AV Developers
NASA Spinoff
NASA-Born Software Keeps Cloud Traffic Moving
Embedded Technology
New Standards Allow More CPU Options in Embedded Computing
Tech Briefs
A Reference Design for a RapidIO End Point
Embedded Technology
Using FPGAs to Improve x86 Processor I/O Flexibility
Embedded Technology INSIDER
Separation Kernel and Embedded Hypervisor
Embedded Technology INSIDER
Getting Real-Time Performance From A Full-Featured OS
Overview
The document is a Final Technical Report on the High Assurance Virtualization Engine (HAVEN), authored by Ramesh Karri, Nasir Memon, Vikram Padman, and Pratik Mathur from the Polytechnic Institute of NYU. It was published in May 2009 and is focused on advancements in virtualization technology, particularly in enhancing security and assurance in virtualized environments.
The report begins with a summary of virtualization technology, which has been in existence since the late 1960s. It outlines the limitations of existing virtualization architectures and presents the outcomes of the HAVEN project, which aims to address specific vulnerabilities in virtualization systems.
A significant portion of the report is dedicated to the architecture and components of HAVEN. It details the Secure Virtual I/O Manager (SIM) and the Secure Memory Manager (SMM), which are critical for managing I/O operations and memory in a secure manner. The SIM is responsible for virtualizing the PCI bus and devices, including the implementation of a virtual PCI controller and the virtualization of Ethernet MAC devices. The report discusses the performance improvements achieved through these implementations and the development of device drivers to support Ethernet virtualization.
The SMM section provides an overview of memory management in virtualization, comparing HAVEN's architecture with existing solutions like Xen. It elaborates on the implementation of the SMM and its role in ensuring secure memory management within the virtualized environment.
The report concludes with a summary of the findings and the implications of HAVEN for future virtualization technologies. It emphasizes the importance of high assurance in virtualization, particularly for applications requiring stringent security measures.
Overall, the document serves as a comprehensive resource for understanding the HAVEN project, its objectives, and its contributions to the field of secure virtualization. It highlights the ongoing challenges in virtualization security and the innovative solutions proposed by the HAVEN team to enhance the reliability and safety of virtualized systems. The report is intended for researchers, practitioners, and stakeholders interested in advanced computing and information security.
Top Stories
INSIDERDefense
New Raytheon and Lockheed Martin Agreements Expand Missile Defense Production
NewsAutomotive
Ford Announces 48-Volt Architecture for Future Electric Truck
INSIDERManufacturing & Prototyping
Active Strake System Cuts Cruise Drag, Boosts Flight Efficiency
ArticlesTransportation
Accelerating Down the Road to Autonomy
INSIDERMaterials
How Airbus is Using w-DED to 3D Print Larger Titanium Airplane Parts
Road ReadyTransportation
Webcasts
Electronics & Computers
Cooling a New Generation of Aerospace and Defense Embedded...
Power
Battery Abuse Testing: Pushing to Failure
Connectivity
A FREE Two-Day Event Dedicated to Connected Mobility
Automotive
Quiet, Please: NVH Improvement Opportunities in the Early Design Cycle
Transportation
Advantages of Smart Power Distribution Unit Design for Automotive &...
Aerospace
Sesame Solar's Nanogrid Tech Promises Major Gains in Drone Endurance