DARPA MobiVisor: An Architecture for High Assurance for Untrusted Applications on Wireless Handheld Devices via Lightweight Virtualization

Abstract

Abstract : This report summarizes the research and activities of the project entitled An Architecture for High Assurance for Untrusted Applications on Wireless Handheld Devices via Lightweight Virtualization or simply DARPA MobiVisor. In this work, GMU introduces a containment based security enforcement mechanism designed to contain applications inside virtual containers, separating the running instance of a program from the rest of the system while providing a complete execution environment that supports monitoring, profiling, and controlling applications. A two-fold approach is taken towards these goals: isolation through virtualization and resource management. Isolation addresses the containment of processes at process control and file system levels, whereas resource management handles accounting, profiling, and provisioning of system resources (including CPU, memory, network, battery, and storage, etc). With these mechanisms in place, it is believed that a wide range of security policies can be effectively enforced to provide a secure and lightweight execution environment for applications for smart handheld devices.