DOI: 10.1145/3485832.3485836

Advanced System Resiliency Based on Virtualization Techniques for IoT Devices

Published: 06 December 2021

Abstract

An increasing number of powerful devices are equipped with network connectivity and connected to the Internet of Things (IoT). Driven by the steady growth in the computing power of these devices, IoT-based service deployment is expected to follow the example of cloud infrastructure: an embedded platform can be provided as a service to several independent application service suppliers. This raises additional challenges concerning security and isolation. At the same time, recently disclosed critical vulnerabilities such as Ripple20 and Amnesia:33 show that embedded devices are not spared from widespread attacks.
In this paper, we define new trusted computing concepts, focusing on privilege separation among several entities sharing one physical device. The concepts guarantee remote recovery capabilities within a bounded amount of time, even if notable portions of the software stack have been compromised. We derive a resilient system architecture suitable for the secure operation of multiple isolated services on one embedded device. We integrate an interface for detecting intrusions and anomalies to enable the automatic recovery of compromised devices, and we prototype our system on a Nitrogen8M development board. Our evaluation shows that the overhead in terms of network throughput and CPU performance is low, so we believe that our concept is a meaningful step towards more resilient future IoT devices.
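The abstract's two guarantees, recovery within a bounded time even when a guest is fully compromised and immediate recovery on a signal from the detection interface, can be modelled as a small state machine. The following is an added example written for this page, not code from the paper or its prototype. It assumes a recovery monitor living in a trusted domain (hypervisor or TEE level) that guests cannot stop or patch and that owns the clock and a pinned golden image; it further assumes that a remote operator authorises continued operation with HMAC-signed tokens, which is one possible way to realise the bounded-time property rather than the paper's own mechanism. Keys, image contents and timings are constructed.

```python
"""Added example: a bounded-time recovery monitor for a multi-tenant IoT device.

Not the paper's code. Assumes a monitor in a trusted domain (hypervisor/TEE level)
that guests cannot stop or patch, owning the clock and a pinned golden image, plus a
remote operator that authorises continued operation with HMAC tokens. Constructed data.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

INTERVAL = 100   # assumed bound (seconds): recovery at most INTERVAL after the last authorisation
TAG = b"extend"


def issue_token(operator_key: bytes, nonce: int) -> bytes:
    """Remote operator side: authorise one more INTERVAL of operation."""
    body = struct.pack(">Q", nonce) + TAG
    return body + hmac.new(operator_key, body, hashlib.sha256).digest()


@dataclass
class GuestDomain:
    name: str
    image: bytes          # mutable state the tenant (or an attacker) controls
    generation: int = 0   # incremented on every restore


@dataclass
class RecoveryMonitor:
    operator_key: bytes   # known only to the monitor and the remote operator
    golden_image: bytes   # read-only from the guests' point of view
    golden_hash: bytes    # pinned measurement of golden_image
    interval: int = INTERVAL
    now: int = 0          # monotonic clock owned by the trusted domain
    deadline: int = 0
    last_nonce: int = 0
    guests: dict = field(default_factory=dict)

    def register(self, guest: GuestDomain) -> None:
        self.guests[guest.name] = guest
        self.deadline = self.now + self.interval

    def extend(self, token: bytes) -> bool:
        """Accept only a fresh, operator-signed token; a guest can neither forge nor replay one."""
        if len(token) != 8 + len(TAG) + 32 or token[8:8 + len(TAG)] != TAG:
            return False
        body, mac = token[:-32], token[-32:]
        expected = hmac.new(self.operator_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False
        nonce = struct.unpack(">Q", body[:8])[0]
        if nonce <= self.last_nonce:      # replayed or stale token
            return False
        self.last_nonce = nonce
        self.deadline = self.now + self.interval
        return True

    def report_anomaly(self, guest_name: str, source: str, detail: str) -> None:
        """Detection interface: an intrusion or anomaly report triggers recovery immediately."""
        self.recover(guest_name, f"anomaly from {source}: {detail}")

    def tick(self, seconds: int) -> None:
        """Advance the trusted clock; an expired deadline forces recovery of every guest."""
        self.now += seconds
        if self.now >= self.deadline:
            for name in list(self.guests):
                self.recover(name, "deadline expired")

    def recover(self, guest_name: str, reason: str) -> None:
        # Never restore from an image whose measurement no longer matches the pinned hash.
        if hashlib.sha256(self.golden_image).digest() != self.golden_hash:
            raise RuntimeError("golden image measurement mismatch; refusing to restore")
        guest = self.guests[guest_name]
        guest.image = self.golden_image
        guest.generation += 1
        self.deadline = self.now + self.interval


def run_scenario() -> dict:
    """Legitimate extension, compromise, forged/replayed tokens, detection, then deadline."""
    operator_key = b"operator-secret-constructed-for-this-example"
    golden = b"verified-service-image-v1"
    mon = RecoveryMonitor(operator_key, golden, hashlib.sha256(golden).digest())
    svc = GuestDomain("tenant-a", golden)
    mon.register(svc)                                                 # deadline = 100
    r = {}
    mon.tick(50)
    r["legit_extend"] = mon.extend(issue_token(operator_key, 1))      # deadline = 150
    mon.tick(10)                                                      # t = 60
    svc.image = b"backdoored-service-image"                           # attacker takes the guest
    r["forged_rejected"] = not mon.extend(issue_token(b"guessed-key", 2))
    r["replay_rejected"] = not mon.extend(issue_token(operator_key, 1))
    mon.tick(10)                                                      # t = 70
    mon.report_anomaly("tenant-a", "hypervisor", "unexpected outbound port scan")
    r["restored_by_anomaly_at"] = mon.now                             # 70, deadline = 170
    r["clean_after_anomaly"] = svc.image == golden
    mon.tick(10)                                                      # t = 80
    svc.image = b"backdoored-again"                                   # second compromise, undetected
    compromised_at = mon.now
    while svc.image != golden and mon.now < 10 * mon.interval:        # no further tokens arrive
        mon.tick(10)
    r["restored_by_deadline_at"] = mon.now                            # 170
    r["within_bound"] = mon.now - compromised_at <= mon.interval
    r["generation"] = svc.generation                                  # 2
    return r
```

Calling `run_scenario()` walks through both recovery paths: the hypervisor-side anomaly report restores the guest at once, and once the attacker silently re-compromises the guest and no authorisation token arrives, the deadline forces a restore no later than one interval after the last authorisation, which is the bounded-time property. The forged and replayed tokens show why the authorisation must be bound to a secret the guest never holds and to a monotonically increasing nonce.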



Published In

ACSAC '21: Proceedings of the 37th Annual Computer Security Applications Conference
December 2021
1077 pages
ISBN: 9781450385794
DOI: 10.1145/3485832
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. cyber resilience
  2. recovery
  3. trusted computing
  4. virtualization

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC '21

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%
