In the era of IoT (Internet of Things), embedded devices ranging from mobile devices, e.g. mobile phones and smart watches, to sensor devices are getting important. As embedded devices process more and more security-sensitive information, there are various security attacks on the devices.
System virtualization technology is one of the promising technologies which can defend embedded devices against such security attacks by providing an isolated user execution environment. ARM processors typically used in embedded devices support system virtualization by the hardware extension called Virtualization Extension (VE). ARM VE incorporates both an additional processor mode as well as extended page table (EPT). A hypervisor, e.g. Xen on ARM and KVM/ARM, running on an ARM VE-enabled embedded device can monitor all the events such as system calls and exceptions generated by a guest virtual machine. This is the main motivation to use a hypervisor as a security monitor to protect an embedded device from security attacks on a guest virtual machine. However, the existing hypervisors running on ARM-based embedded devices, e.g. Xen on ARM and KVM/ARM, cannot be used as a security monitor because of high virtualization overhead and large trusted computing base (TCB). Therefore, it is critical to develop a small-sized hypervisor with low virtualization overhead on an embedded device.
In this thesis, we design and implement a hypervisor which is of small size (e.g. less than 4,000 Line of Codes). It is shown that the thin hypervisor monitors all the security-sensitive events such as system calls and exceptions generated by a guest virtual machine, with negligible virtualization overhead. The thin hypervisor is applied to handle a use case where trusted sensors should be supported, that is, sensor data should be sent only to a secure application. It shows the applicability of the proposed thin hypervisor to be used as a security monitor on an embedded device