Trustworthy isolation of DMA devices

Jonas Haglund, Roberto Guanciale
2020 Journal of Banking and Financial Technology  
We present a mechanism to trustworthily isolate I/O devices with direct memory access (DMA), which ensures that an isolated I/O device cannot access sensitive memory regions. As a demonstrating platform, we use the network interface controller (NIC) of an embedded system. We develop a run-time monitor that forces NIC reconfigurations, defined by untrusted software, to satisfy a security rule. We formalized the NIC in the HOL4 interactive theorem prover and we verified the design of the isolation mechanism. The verification is based on an invariant that is proved to be preserved by all NIC operations and that ensures that all memory accesses address allowed memory regions only. We demonstrate our approach by extending an existing Virtual Machine Introspection (VMI) with the monitor. The resulting platform prevents code injection in a connected and untrusted Linux.

Keywords: Formal verification · System security · Network interface controller

The HOL4 proofs and the source code of the monitor are published at https://github.com/kth-step/NIC-formalization-monitor.
doi:10.1007/s42786-020-00018-x fatcat:uv4o752sgjdwlm4n7wbd2pwgoi