Fine-grained I/O access control based on Xen virtualization for 3G/4G mobile devices

Although Xen's isolated driver domain (IDD) model enables strong system isolation by limiting the impact of driver faults to the driver domain itself, it results in severe security problems when malware in a guest domain tries to abuse mobile device's limited system resources by sending an extreme number of I/O requests to the IDD. In order to solve this problem, this paper presents a fine-grained I/O access control mechanism in an IDD. Requests from guest domains are managed by an accounting module in terms of CPU usage, with the calculation of estimated CPU consumption using regression equations. The requests are scheduled by an I/O access control enforcer according to security policies. As a result, our mechanism provides precise control on the CPU usage of a guest domain due to I/O device access, and prevents compromised guest domains from CPU overuse, performance degradation, and battery drain. We have implemented a prototype of our approach considering both network and storage devices with a real smart phone (SGH-i780) that runs two para-virtualized Linux kernels on top of Secure Xen on ARM. The evaluation shows our approach effectively protects a smart phone against excessive I/O attacks and guarantees availability.