Towards Assessing Isolation Properties in Partitioning Hypervisors
Carmine Cesarano, Domenico Cotroneo, Luigi De Simone

TL;DR
This paper proposes a systematic framework for assessing and validating isolation properties in partitioning hypervisors, addressing the lack of comprehensive testing guidelines for security and safety certification.
Contribution
It introduces a structured approach to evaluate hypervisor isolation, bridging the gap between high-level standards and low-level testing requirements.
Findings
Framework provides clear testing guidelines
Enhances confidence in hypervisor isolation properties
Facilitates certification processes for partitioning hypervisors
Abstract
Partitioning hypervisor solutions are becoming increasingly popular as a way to meet stringent security and safety requirements for isolation between co-hosted applications and to make more efficient use of available hardware resources. However, assessing and certifying isolation requirements remains a challenge, and it is not trivial to understand what to test, and how, in order to validate these properties. Although the high-level requirements to be verified are mentioned in the various security- and safety-related standards, there is a lack of precise guidelines for the evaluator. Such guidance should be comprehensive, generalizable to different products that implement partitioning, and tied specifically to lower-level requirements. The goal of this work is to provide a systematic framework that addresses this need.
Taxonomy
Topics: Embedded Systems Design Techniques · Real-Time Systems Scheduling · Distributed systems and fault tolerance
