The isolation of security critical components from an untrusted OS allows both protecting applications and hardening the OS itself, for instance by run-time monitoring. Virtualization of the memory subsystem is a key component in providing such isolation. We present the design, implementation and verification of a virtualization platform for the ARMv7-A processor family. Our design is based on direct paging, an MMU virtualization mechanism previously introduced by Xen for the x86 architecture and later used, with minor variants, by the Secure Virtual Architecture (SVA). We show that the direct paging mechanism can be implemented using a compact design, suitable for formal verification down to a low level of abstraction, without penalizing syste...
ENGLISH: A monolithic operating system (OS) - such as Windows or Linux - distinguishes between executi...
Hypervisors are a popular mechanism for implementing software virtualization. Since hypervisors exec...
This paper describes an efficient and robust approach to provide a safe execution environment for an...
The isolation of security critical components from an untrusted OS allows both protecting applicatio...
In order to host a general purpose operating system, hypervisors need to virtualize the CPU memory s...
Over the last years, security-kernels have played a promising role in reshaping the landscape of pla...
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA...
This paper presents the first results from the ongoing research project HASPOC, developing a high as...
Virtual memory is an essential mechanism for enforcing security boundaries, but its relaxed-memory c...
The security of embedded systems can be dramatically improved through the use of formally verified i...
Separation between processes on top of an operating system or between guests in a virtualized enviro...
We present an analysis of the virtualizability of the ARMv7-A architecture carried out in the contex...
Virtualization has grown increasingly popular, thanks to its benefits of isolation, management, and ...