High Assurance Virtualization Engine (HAVEN)
This FPGA-based virtualization engine addresses the reliability, performance, and security limitations of current software-based virtualization technologies.
Virtualization technology has been around since the late 1960s. Initially, it was conceived to maximize utilization of expensive hardware by running multiple instances of an operating system (OS) using virtual machines (VM). In the past decade, virtualization has become popular due to its cost and space-saving advantages.
Virtualization consolidates underutilized servers and workstations while maintaining isolation. For software developers, virtualization provides an environment to develop, test, and debug system software such as kernel and device drivers. Traditionally, separate computers were required to develop and test system software. Virtualization also allows developers to test the reliability of an application by simulating hardware bottlenecks and failures.
- Increased reliability via a hardware-assisted virtual I/O subsystem for each VM.
- Improved performance by minimizing context switches back to the controller VM and by using a hardware virtual I/O manager.
- Improved security by protecting storage and communication channels using FPGA-assisted encryption and authentication.
The high assurance virtualization platform will enable:
- Use of virtualization in mission-critical and high-assurance applications.
- High-assurance/high-performance computing platform that provides application-level compartmentalization.
There are two main parts to HAVEN: a Secure Virtual I/O Manager (SIM) and a Secure Memory Manager (SMM). The SIM implements a virtual PCI controller along with multiple virtual Network Interface Cards (NICs) in conjunction with independent data buffers on a single FPGA. The CPU sees multiple NICs even though there is only one true physical card. The SMM registers a memory range with the CPU and ensures that all memory managed by the SMM is encrypted and only decrypted when it is moved to the CPU cache.
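The SMM behaviour described above can be modelled in a few lines. This is an added illustration, not code from the HAVEN report: the class name, the 64-byte line size, the addresses and the HMAC-SHA256 keystream (a stand-in for whatever cipher the FPGA implements) are all assumptions.

```python
import hashlib
import hmac

LINE = 64  # assumed cache-line size in bytes


class SmmModel:
    """Toy model of the SMM idea: off-chip memory holds ciphertext for the
    registered range; plaintext exists only in the (modelled) CPU cache."""

    def __init__(self, key: bytes, base: int, size: int):
        self.key, self.base, self.size = key, base, size
        self.dram = {}   # line address -> bytes as stored off-chip
        self.cache = {}  # line address -> plaintext held on-chip

    def managed(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

    def _pad(self, addr: int) -> bytes:
        # Address-bound keystream. HMAC-SHA256 is a stand-in for the hardware
        # cipher; a fixed per-address pad is reused across writes, which a
        # real engine avoids with a tweakable block cipher or write counters.
        blocks = (hmac.new(self.key, addr.to_bytes(8, "big") + bytes([i]),
                           hashlib.sha256).digest() for i in range(LINE // 32))
        return b"".join(blocks)

    def _crypt(self, addr: int, data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, self._pad(addr)))

    def store(self, addr: int, data: bytes) -> None:
        if addr % LINE or len(data) != LINE:
            raise ValueError("store must be one aligned cache line")
        self.cache[addr] = data  # CPU writes land in the cache as plaintext

    def evict(self, addr: int) -> None:
        data = self.cache.pop(addr)  # write-back: encrypt only managed lines
        self.dram[addr] = self._crypt(addr, data) if self.managed(addr) else data

    def load(self, addr: int) -> bytes:
        if addr not in self.cache:  # cache fill: decrypt on the way in
            raw = self.dram[addr]
            self.cache[addr] = self._crypt(addr, raw) if self.managed(addr) else raw
        return self.cache[addr]


def demo():
    smm = SmmModel(b"constructed-demo-key", base=0x1000, size=0x1000)
    secret = b"vm-secret".ljust(LINE, b"\0")  # constructed sample data
    for addr in (0x1000, 0x1040, 0x4000):  # two managed lines, one unmanaged
        smm.store(addr, secret)
        smm.evict(addr)
    return smm, secret
```

Binding the keystream to the line address means identical plaintext at two managed addresses produces different bytes off-chip, while the line outside the registered range is written back unchanged.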
This work was done by Ramesh Karri, Nasir Memon, Vikram Padman, and Pratik Mathur of the Polytechnic Institute of NYU for the Air Force Research Laboratory. For more information, download the Technical Support Package (free white paper) at www.defensetechbriefs.com/tsp under the Electronics/Computers category. AFRL-0142
This Brief includes a Technical Support Package (TSP).

High Assurance Virtualization Engine (HAVEN) (reference AFRL-0142) is currently available for download from the TSP library.
Overview
The document is a Final Technical Report on the High Assurance Virtualization Engine (HAVEN), authored by Ramesh Karri, Nasir Memon, Vikram Padman, and Pratik Mathur from the Polytechnic Institute of NYU. It was published in May 2009 and is focused on advancements in virtualization technology, particularly in enhancing security and assurance in virtualized environments.
The report begins with a summary of virtualization technology, which has been in existence since the late 1960s. It outlines the limitations of existing virtualization architectures and presents the outcomes of the HAVEN project, which aims to address specific vulnerabilities in virtualization systems.
A significant portion of the report is dedicated to the architecture and components of HAVEN. It details the Secure Virtual I/O Manager (SIM) and the Secure Memory Manager (SMM), which are critical for managing I/O operations and memory in a secure manner. The SIM is responsible for virtualizing the PCI bus and devices, including the implementation of a virtual PCI controller and the virtualization of Ethernet MAC devices. The report discusses the performance improvements achieved through these implementations and the development of device drivers to support Ethernet virtualization.
The SMM section provides an overview of memory management in virtualization, comparing HAVEN's architecture with existing solutions like Xen. It elaborates on the implementation of the SMM and its role in ensuring secure memory management within the virtualized environment.
The report concludes with a summary of the findings and the implications of HAVEN for future virtualization technologies. It emphasizes the importance of high assurance in virtualization, particularly for applications requiring stringent security measures.
Overall, the document serves as a comprehensive resource for understanding the HAVEN project, its objectives, and its contributions to the field of secure virtualization. It highlights the ongoing challenges in virtualization security and the innovative solutions proposed by the HAVEN team to enhance the reliability and safety of virtualized systems. The report is intended for researchers, practitioners, and stakeholders interested in advanced computing and information security.