Abstract (translated from the Chinese)
More and more vulnerabilities related to the device drivers used in monolithic operating system kernels are being discovered, and they seriously endanger the security and reliability of the operating system. Existing solutions cannot both provide strong protection for the OS kernel and achieve performance close to that of the native system. In this paper we propose a driver isolation framework called DBox that takes both system security and performance into account. DBox provides device drivers with a virtualization-based secure container that effectively isolates the driver from the host system, and supports many kinds of device drivers through a generic I/O interaction interface. By modifying the EPT page table and the IOMMU address translation table, we create a shared memory region backed by contiguous physical memory, which forms the basis for high-performance communication among the hardware device, the driver and the host kernel. We deeply optimize I/O performance through multi-core parallelism, efficient message passing, zero copy and bulk data transfer, so that in most cases a driver running in DBox achieves the same performance as in the original kernel. Adding support for a new driver in DBox requires no modification of the driver code, which makes DBox easy to adopt in real-world environments. We implemented four common driver categories in DBox (NIC, block device, UART and input device); experiments show that the performance degradation in TCP/UDP throughput, round-trip latency, block device throughput, serial port throughput, serial port round-trip latency and keyboard response time is below 5% in every case.
Abstract (English, as published)
More and more vulnerabilities have been discovered in the device drivers used in monolithic kernels, and they seriously jeopardize the security and reliability of commodity OSs. Existing approaches to this problem either do not offer strong protection for the OS kernel or suffer performance degradation compared with the original I/O performance. In this paper, we propose a driver isolation framework called DBox that takes both security and performance into consideration. DBox offers virtualization-based secure containers that isolate the device driver from the host system. DBox can host device drivers and provides common I/O exchange APIs for universal driver support. By modifying the EPT table and the IOMMU address translation table, we create a block of shared memory backed by a physically contiguous memory block, which forms the basis for high-performance communication. Moreover, we deeply optimize I/O performance through mechanisms such as multi-core parallel processing, efficient messaging, zero copying, and bulk data transfer, so that in most cases drivers in DBox achieve the same performance as in the original kernel. Adding support for a new driver in DBox requires no modification of the driver's code, which makes DBox easy to adopt in practice. We implement DBox with initial support for four common driver categories: NIC, block device, UART, and input accessories. Experiments show that the performance drops in TCP/UDP throughput, round-trip time, block device throughput, serial port throughput, serial port round-trip time, and keyboard response time are all below 5%.
Authors
余劲 (YU Jin)
黄皓 (HUANG Hao)
诸渝 (ZHU Yu)
许封元 (XU Feng-Yuan)
Affiliations: State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093; Department of Computer Science and Technology, Nanjing University, Nanjing 210093
Source
《计算机学报》 (Chinese Journal of Computers)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
2020, No. 4, pp. 724-739 (16 pages)
Funding
Supported by the 2017 Industrial Transformation and Upgrading Special Project of the Ministry of Industry and Information Technology of China: Enhancement of Core Technical Capabilities of Industrial Control Systems.
Keywords (translated from the Chinese)
driver isolation
operating system security
high performance
monolithic kernel
virtualization
Keywords (English, as published)
driver isolation
operating system security
monolithic kernel
virtualization