High Assurance Virtualization Engine (HAVEN)

Air Force Research Laboratory, Rome, New York

Tuesday, December 01 2009

This FPGA-based virtualization engine addresses the reliability, performance, and security limitations of current software-based virtualization technologies.

Virtualization technology has been around since the late 1960s. Initially, it was conceived to maximize utilization of expensive hardware by running multiple instances of an operating system (OS) using virtual machines (VM). In the past decade, virtualization has become popular due to its cost and space-saving advantages.

Virtualization consolidates underutilized servers and workstations while maintaining isolation. For software developers, virtualization provides an environment to develop, test, and debug system software such as kernel and device drivers. Traditionally, separate computers were required to develop and test system software. Virtualization also allows developers to test the reliability of an application by simulating hardware bottlenecks and failures.

HAVEN (High Assurance Virtualization ENgine) is a field programmable gate array (FPGA)-based virtualization technology that implements much of the traditional hypervisor functionality in FPGAs instead of in software. HAVEN was prototyped using FPGA-based secure co-processing to address the limitations of current virtualization technologies. Specifically, HAVEN:

• Increased reliability via a hardwareassisted virtual I/O subsystem for each VM.
• Improved performance by minimizing context switches back to the controller VM and by using a hardware virtual I/O manager.
• Improved security by protecting storage and communication channels using FPGA assisted encryption and authentication. The high assurance virtualization platform will enable:
• Use of virtualization in mission-critical and high-assurance applications.
• High-assurance/high-performance computing platform that provides application- level compartmentalization.

There are two main parts to HAVEN: a Secure Virtual I/O Manager (SIM) and a Secure Memory Manager (SMM). The SIM implements a virtual PCI controller along with multiple virtual Network Interface Cards (NICs) in conjunction with independent data buffers on a single FPGA. The CPU sees multiple NICs even though there is only one true physical card. The SMM registers a memory range with the CPU and ensures that all memory managed by the SMM is encrypted and only decrypted when it is moved to the CPU cache.

This work was done by Ramesh Karri, Nasir Memon, Vikram Padman, and Pratik Mathur of the Polytechnic Institute of NYU for the Air Force Research Laboratory. For more information, download the Technical Support Package (free white paper) at www.defensetechbriefs.com/tsp under the Electronics/Computers category. AFRL-0142