• Title/Summary/Keyword: DMA security


IOMMU Para-Virtualization for Efficient and Secure DMA in Virtual Machines

  • Tang, Hongwei;Li, Qiang;Feng, Shengzhong;Zhao, Xiaofang;Jin, Yan
    • KSII Transactions on Internet and Information Systems (TIIS), v.10 no.12, pp.5375-5400, 2016
  • IOMMU is a hardware unit that is indispensable for DMA. Besides address translation and remapping, it also provides I/O virtual address space isolation among devices and memory access control on DMA transactions. However, current commodity virtualization platforms lack IOMMU virtualization, so virtual machines are vulnerable to DMA security threats. Previous works focus only on the DMA security problem of directly assigned devices. Moreover, these solutions either introduce significant overhead or require modifications to the guest OS to optimize performance, and none can achieve high I/O efficiency and good compatibility with the guest OS simultaneously, which are both necessary for production environments. However, the DMA security problem also exists for simulated virtual devices, and previous works cannot solve this problem. The reason is that IOMMU circuits on the host do not work for this kind of device, because their DMA operations are simulated by CPU memory copies. Motivated by the above observations, we propose an IOMMU para-virtualization solution called PVIOMMU, which provides general functionalities, especially DMA security guarantees, for both directly assigned devices and simulated devices. The prototype of PVIOMMU is implemented in Qemu/KVM based on the virtio framework and can be dynamically loaded into the guest kernel as a module. As a result, modifying and rebuilding the guest kernel are not required. In addition, the device model of Qemu is revised to implement DMA access control by separating the device simulator from the address space of the guest virtual machine. Experimental evaluations on three kinds of network devices, including Intel I210 (1Gbps), simulated E1000 (1Gbps) and IB ConnectX-3 (40Gbps), show that PVIOMMU introduces little overhead on DMA transactions, and in general the network I/O performance is close to that of the native KVM implementation without IOMMU virtualization.

Research of the CCM security mode in a high-speed wireless modem (고속 무선 모뎀에서의 CCM 보안 모드 구현에 관한 연구)

  • Lee, Hyeon-Seok;Lee, Jang-Yeon;Cho, Jin-Woong
    • Proceedings of the KAIS Fall Conference, 2010.11a, pp.417-420, 2010
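  • Recent high-speed wireless communications such as UWB and IEEE802.11n require high-speed encryption/decryption processing. This paper concerns the implementation of the CCM (CTR+CBC-MAC) security mode, which underlies the security functions of recent wireless communication technologies such as UWB, Zigbee and IEEE802.11. It presents a method for implementing in hardware the CCM function combined with a block cipher algorithm such as AES. In particular, by implementing it in a form hard-wired to the MAC and DMA modules, encryption/decryption operations can be performed in real time, simultaneously with wireless data transmission/reception and without reducing communication speed, and by minimizing the CCM operating clock, the goals of high-speed operation and low-power design can be achieved.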


A Study on the DVR System Realization with Watermarking and MPEG-4 for Realtime Processing Speed Improvement (워터마킹과 MPEG4를 적용한 DVR 시스템과 실시간 처리 속도 향상에 관한 연구)

  • Kim, Ja-Hwang;Hur, Chang-Wu;Ryu, Kwang-Ryol
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference, v.9 no.2, pp.1107-1111, 2005
  • A DVR system realization with watermarking and MPEG-4 for real-time processing speed improvement is presented in this paper. For real-time processing, the system uses a DSP processor, Quick DMA for data transmission, watermarking for security and MPEG-4 compression for facility. In the algorithms, the operational structure uses the internal memory of the processor, and the optimal realization is suited to the DSP processor structure for iterative operations. The experimental result shows that real-time processing is improved by over 12% for the D1 image in comparison with the other system.
