This paper presents the first results from the ongoing research project HASPOC, developing a high assurance virtualization platform for the ARMv8 CPU architecture. Formal verification at machine code level guarantees information isolation between different guest systems (e.g. OSs) running on the platform. To use the platform in networking scenarios, we allow guest systems to securely communicate with each other via platform-provided communication channels and to take exclusive control of peripherals for communication with the outside world. The isolation is shown to be formally equivalent to that of guests executing on physically separate platforms with dedicated communication channels crossing the air-gap. Common Criteria (CC) assurance...
A separation kernel simulates a distributed environment using a single physical machine by executing...
While security has become important in embedded systems, commodity operating systems often fail in e...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
With commodity operating systems failing to establish unbreakable isolation of processes, there is a...
The need for security and virtualization capabilities in modern cyber-physical systems is increasing...
The security of embedded systems can be dramatically improved through the use of formally verified i...
The isolation of security critical components from an untrusted OS allows to both protect applicatio...
With the advent of the mobile industry, we face new security challenges. ARM architecture is deploye...
In order to host a general purpose operating system, hypervisors need to virtualize the CPU memory s...
Virtual memory is an essential mechanism for enforcing security boundaries, but its relaxed-memory c...
Trusted Computing is a relatively new approach to computer security in which a system s...