Hwvmi [1]

Introspection in hardware.

The goal is to match network connections to the application layer (the code that owns the traffic) while the monitor stays isolated from, and undetected by, the operating system and the hypervisor.

Motivation

Firewalls:

  • External firewall: a separate device connected only to the network.
    • Cannot see the content of the target computer’s physical memory, and thus
    • cannot make decisions based on what code is accessing the traffic.
  • Software-based firewall: installed on the target computer.
    • Can itself be the target of attacks.
  • This paper: an external firewall with the added ability to analyze the memory of the target.

Challenge & Solution

  • DMA to transparently read memory via hardware, bypassing the operating system.
  • 2016 Flexcore [2]

References

  1. Sebastian Biedermann, Jakub Szefer. SystemWall: An Isolated Firewall using Hardware-based Memory Introspection. ISC (Proceedings of the International Security Conference), 2014.
  2. D. Y. Deng. Flexible and efficient accelerator architecture for runtime monitoring. Cornell University, 2016.
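The following is an added illustration, not code from the SystemWall paper or from Flexcore: a small Python simulation of the decision an introspecting firewall makes. A constructed byte buffer stands in for the target's physical memory (a real device would obtain it over DMA and would have to locate the OS-specific socket structures); the firewall parses a socket table out of it, attributes each flow to the process name recorded there, and denies any flow it cannot attribute. The record layout, offsets, process names and addresses are all constructed for the example.

```python
"""Simulated memory-introspecting firewall (added example, not the paper's code).

The socket-table layout below is invented for the demonstration; real kernels
keep socket ownership in OS-specific structures that an external monitor must
locate and parse from a raw memory snapshot.
"""
import struct
from collections import namedtuple

# Constructed record layout: src_ip(4) src_port(2) dst_ip(4) dst_port(2) comm(16)
RECORD = struct.Struct("!4sH4sH16s")
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_socket_table(entries):
    """Pack (flow, process name) pairs into bytes, simulating a kernel socket table."""
    out = b""
    for flow, comm in entries:
        name = comm.encode()
        if len(name) > 16:
            raise ValueError("process name does not fit the constructed record")
        out += RECORD.pack(ip_to_bytes(flow.src_ip), flow.src_port,
                           ip_to_bytes(flow.dst_ip), flow.dst_port,
                           name.ljust(16, b"\0"))
    return out


def introspect_socket_table(image, base, count):
    """Read up to `count` records at offset `base` of a memory image (stand-in for a DMA read).

    A truncated region stops the scan instead of being parsed as garbage.
    """
    owners = {}
    for i in range(count):
        off = base + i * RECORD.size
        chunk = image[off:off + RECORD.size]
        if len(chunk) < RECORD.size:
            break
        s_ip, s_port, d_ip, d_port, comm = RECORD.unpack(chunk)
        flow = Flow(bytes_to_ip(s_ip), s_port, bytes_to_ip(d_ip), d_port)
        owners[flow] = comm.rstrip(b"\0").decode(errors="replace")
    return owners


def decide(flow, owners, allowed_processes):
    """Return (verdict, reason). A flow with no owner in memory is denied:
    traffic the firewall cannot attribute to code is treated as suspect."""
    owner = owners.get(flow)
    if owner is None:
        return "deny", "no owning process found in memory"
    if owner in allowed_processes:
        return "allow", owner
    return "deny", owner


def demo():
    """Run the simulation on constructed data and return the per-flow verdicts."""
    browser = Flow("10.0.0.5", 49152, "93.184.216.34", 443)
    unsigned = Flow("10.0.0.5", 49153, "198.51.100.7", 8443)
    orphan = Flow("10.0.0.5", 49200, "203.0.113.9", 80)   # never appears in the table
    region = build_socket_table([(browser, "firefox"), (unsigned, "unsigned_tool")])
    # Constructed memory image: unrelated bytes before the table, a short tail after it.
    image = b"\xaa" * 0x100 + region + b"\x00" * 8
    owners = introspect_socket_table(image, 0x100, 3)  # asks for 3; third record is truncated
    policy = {"firefox"}
    return {name: decide(f, owners, policy)
            for name, f in (("browser", browser), ("unsigned", unsigned), ("orphan", orphan))}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The point of the simulation is the decision step: the external device never executes on the target, it only reads a snapshot, and anything it cannot attribute to a process is denied rather than allowed by default.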
Created Oct 5, 2019 // Last Updated May 6, 2020
