Nova

Steinberg, Udo; Kauer, Bernhard

doi:10.1145/1755913.1755935

Cited by 231 publications

(11 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another open-source hypervisor geared towards having a small footprint for its use in embedded systems is NOVA [106]. According to its developers, the hypervisor is the base of every other component of a system that uses it, so it should be as small and trusty as possible.…”

Section: E Other Hypervisorsmentioning

confidence: 99%

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

2023

View full text Add to dashboard Cite

Virtualization has become one of the main tools for making efficient use of the resources offered by multicore embedded platforms. In recent years, even sectors such as space, aviation, and automotive, traditionally wary of adopting this type of technology due to the impact it could have on the safety of their systems, have been forced to introduce it into their day-to-day work, as their applications are becoming increasingly complex and demanding. This article provides a comprehensive review of the research work that uses or considers the use of a hypervisor as the basis for building a virtualized safetycritical embedded system. Once the hypervisors developed or adapted for this type of system have been identified, an exhaustive qualitative comparison is made between them. an exhaustive qualitative comparison is made between them. To the best of our knowledge, this is the first time that all this information is collected in a single article. Therefore, the main contribution of this article is that it collects and categorizes the information of each hypervisor and compares them with each other, so that this article can be used as a starting point for future researchers in this area, who will be able to quickly check which hypervisor is best suited to their research needs.

show abstract

Section: E Other Hypervisorsmentioning

confidence: 99%

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

2023

View full text Add to dashboard Cite

show abstract

“…NoHype [23] eliminates the virtualization layer at runtime, and each VM directly runs on statically assigned resources. NOVA [24] takes a microkernel approach to achieving a smaller TCB.…”

Section: Related Workmentioning

confidence: 99%

Instruction Filters for Mitigating Attacks on Instruction Emulation in Hypervisors

Ishiguro

Kono

2020

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Vulnerabilities in hypervisors are crucial in multi-tenant clouds and attractive for attackers because a vulnerability in the hypervisor can undermine all the virtual machine (VM) security. This paper focuses on vulnerabilities in instruction emulators inside hypervisors. Vulnerabilities in instruction emulators are not rare; CVE-2017-2583, CVE-2016-9756, CVE-2015-0239, CVE-2014-3647, to name a few. For backward compatibility with legacy x86 CPUs, conventional hypervisors emulate arbitrary instructions at any time if requested. This design leads to a large attack surface, making it hard to get rid of vulnerabilities in the emulator. This paper proposes FWinst that narrows the attack surface against vulnerabilities in the emulator. The key insight behind FWinst is that the emulator should emulate only a small subset of instructions, depending on the underlying CPU micro-architecture and the hypervisor configuration. FWinst recognizes emulation contexts in which the instruction emulator is invoked, and identifies a legitimate subset of instructions that are allowed to be emulated in the current context. By filtering out illegitimate instructions, FWinst narrows the attack surface. In particular, FWinst is effective on recent x86 micro-architectures because the legitimate subset becomes very small. Our experimental results demonstrate FWinst prevents existing vulnerabilities in the emulator from being exploited on Westmere and Skylake micro-architectures, and the runtime overhead is negligible.

show abstract

“…In addition, the microkernel technology has low efficiency, and large amounts of data need to be frequently transferred between user mode and kernel mode, especially to high‐speed devices, which causes serious delay and performance loss. In recent years, there have been many optimization technologies to improve the performance of microkernel technology, including the following: the IPC technology (such as asynchronous notification enhancement IPC and virtual message registers); the resource management technology (such as recursively page mapping and user mode controlled kernel memory); and the schedule technology (such as the lazy schedule and directly process switching). However, these technologies are always complex because their optimizations contrapose the properties of the new kernel and the driver architecture.…”

Section: Related Workmentioning

confidence: 99%

Studying shadow page cache to improve isolated drivers' performance

Zheng

Zhu

Dong

et al. 2017

Concurrency and Computation

View full text Add to dashboard Cite

Summary Using virtualization technology, users can reuse various existing operating systems and drivers to customize their application environments. However, faults that exist in the reused drivers threaten the users' customized environments. Chariot has been proposed to solve this problem. It isolates a driver by monitoring its real‐time performance and examining the correctness of its write operations. To capture the write operations, we found that it needs to keep the write permissions of shadow pages as read‐only, which may cause many page faults in the virtual machine monitor and has adversely affect the driver's performance. To address this, we propose a new algorithm that uses the shadow page cache to remit the page faults, based on the principle of delaying the closing of the write permissions of frequently accessed shadow pages. Experimental results show that using these shadow page caches, we can greatly the performance of isolated drivers without significantly impacting Chariot's isolation efficiency.

show abstract

Nova

Cited by 231 publications

References 31 publications

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

Instruction Filters for Mitigating Attacks on Instruction Emulation in Hypervisors

Studying shadow page cache to improve isolated drivers' performance

Contact Info

Product

Resources

About