Hardware virtualization based security solution for embedded systems

Abstract

We describe the implementation and the evaluation of a hypervisor level, hardware-enforced security solution suitable for the latest embedded platforms. Our solution is based on thin layer bare-metal hypervisor, a memory introspection engine and is validated on Silvermont microarchitecture based Intel x86 processors, running Windows. The approach is well suited to enhance the security of many POS and industrial embedded devices. We also present various kinds of attacks our solution defends against, and several remaining limitations.