DARPA MobiVisor: An Architecture for High Assurance for Untrusted Applications on Wireless Handheld Devices via Lightweight Virtualization
Abstract
This report summarizes the research and activities of the project entitled "An Architecture for High Assurance for Untrusted Applications on Wireless Handheld Devices via Lightweight Virtualization" or simply DARPA MobiVisor. In this work, GMU introduces a containment based security enforcement mechanism designed to contain applications inside virtual containers, separating the running instance of a program from the rest of the system while providing a complete execution environment that supports monitoring, profiling, and controlling applications. A two-fold approach is taken towards these goals: isolation through virtualization and resource management. Isolation addresses the containment of processes at process control and file system levels, whereas resource management handles accounting, profiling, and provisioning of system resources (including CPU, memory, network, battery, and storage, etc). With these mechanisms in place, it is believed that a wide range of security policies can be effectively enforced to provide a secure and lightweight execution environment for applications for "smart" handheld devices.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 2010
- Accession Number
- ADA548297
Entities
People
- Angelos Stavrou
- Anup K. Ghosh
Organizations
- George Mason University