Securing DMA through Virtualization

Schwarz, Oliver and Gehrmann, Christian (2012) Securing DMA through Virtualization. In: COMPENG 2012, 11-13 June 2012, Aachen, Germany.

PDF (Securing DMA through Virtualization) - Accepted Version

We present a solution for preventing guests in a virtualized system from using direct memory access (DMA) to access memory regions of other guests. The principles we suggest, and that we also have implemented, are purely based on software and standard hardware. No additional virtualization hardware such as an I/O Memory Management Unit (IOMMU) is needed. Instead, the protection of the DMA controller is realized by means of a common ARM MMU only. Overhead occurs only in pre- and postprocessing of DMA transfers and is limited to a few microseconds. The solution was designed with a focus on security, and the abstract concept of the approach was formally verified.

Item Type: Conference or Workshop Item (Paper)
Additional Information: ISBN: 978-1-4673-1614-9. Copyright 2012 IEEE. Published in the Proceedings of the 2nd IEEE International Conference on Complexity in Engineering, June 11-13, 2012, Aachen, Germany. DOI: 10.1109/CompEng.2012.6242958. Obtainable from Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works.
Uncontrolled Keywords: DMA, virtualization, security, embedded systems, direct memory access, formal verification
ID Code: 5269
Deposited By: Oliver Schwarz
Deposited On: 09 Aug 2012 10:54
Last Modified: 17 Jan 2013 11:20