2024-09-03 –, Main Room
The concept of virtualization is almost as old as computer science itself, with a rich history of intertwined software and hardware evolution. Today virtualization is ubiquitous, and serves as the building block of software deployment and isolation.
This talk explores a wild idea: what if we tried to virtualize the firmware? Is it possible? What does virtualizing the firmware even mean? How can it be useful?
While we walk down memory lane answering those questions, we will rediscover old theorems, clever software tricks, and the limitations of hardware. We will explore the virtualization of M-mode firmware on RISC-V, and present the design of Miralis, a security monitor that virtualizes RISC-V firmware.
This talk explores the idea of virtualizing firmware: running firmware in a less privileged, sandboxed environment. While virtualization is now a well understood concept, it still only applies to software running below the most privileged mode; the firmware itself is never virtualized. In this talk we explain how we leveraged insight from the past to build, test, and partially verify Miralis, a security monitor that virtualizes RISC-V firmware.
Starting with Popek and Goldberg's requirements for virtualization, we define the three properties of virtual machines: equivalence, isolation, and efficiency. We explain the hardware requirement for simple and efficient virtualization through trap & emulate (every sensitive instruction must be privileged, so that it traps when executed in a less privileged mode), the consequences of violating that requirement, and how it relates to firmware executing on modern architectures.
We then describe Miralis, our prototype security monitor that virtualizes M-mode on RISC-V platforms. We give insights into our ongoing attempt to (partially) verify the equivalence and isolation properties by leveraging the executable RISC-V specification and symbolic execution.
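An added illustration of the trap & emulate step above as it applies to M-mode (example code written for this page, not Miralis' source). It assumes a monitor design in which the firmware runs in a less privileged mode, so that its M-mode CSR instructions trap to the monitor, which decodes the instruction and emulates it against a virtual CSR file. The allow-list of virtualized CSRs, the names `vfirmware_t`, `emulate_csr` and `handle_trap`, and the use of `pmpcfg0` as the refused CSR are assumptions of the example. Reads return what native hardware would return (equivalence), writes only ever touch the virtual copy (isolation), and an access outside the allow-list becomes an illegal-instruction exception delivered through the firmware's own virtual trap vector, never the monitor's.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed monitor design for this illustration: the firmware runs in a less
 * privileged mode than the monitor, so every M-mode CSR access it performs is
 * a sensitive and privileged instruction in Popek and Goldberg's sense: it
 * traps to the monitor, which emulates it on a virtual copy of M-mode state. */

enum {
    CSR_MSTATUS = 0x300, CSR_MTVEC  = 0x305, CSR_MSCRATCH = 0x340,
    CSR_MEPC    = 0x341, CSR_MCAUSE = 0x342, CSR_MTVAL    = 0x343,
};
#define CAUSE_ILLEGAL_INSN 2u

typedef struct {
    uint64_t regs[32];   /* general-purpose registers of the virtualized firmware */
    uint64_t pc;         /* its program counter at the time of the trap */
    uint64_t csr[4096];  /* virtual CSR file; the monitor's real CSRs are never touched */
} vfirmware_t;

typedef enum { EMU_OK, EMU_ILLEGAL, EMU_NOT_CSR } emu_result_t;

/* Deliberately short allow-list for the example: any CSR outside it is
 * refused and reported to the virtual firmware as an illegal instruction
 * (isolation). A real monitor virtualizes many more CSRs. */
static bool csr_is_virtualized(unsigned csr)
{
    switch (csr) {
    case CSR_MSTATUS: case CSR_MTVEC:  case CSR_MSCRATCH:
    case CSR_MEPC:    case CSR_MCAUSE: case CSR_MTVAL:
        return true;
    default:
        return false;
    }
}

/* Encode a RISC-V SYSTEM-class CSR instruction (used to build constructed input). */
uint32_t csr_insn(unsigned funct3, unsigned rd, unsigned rs1_or_zimm, unsigned csr)
{
    return (csr << 20) | (rs1_or_zimm << 15) | (funct3 << 12) | (rd << 7) | 0x73u;
}

/* Emulate one trapped csrrw/csrrs/csrrc (or immediate variant) on the virtual state.
 * funct3 bit 2 selects the immediate form, bits 1:0 select write/set/clear. */
emu_result_t emulate_csr(vfirmware_t *vm, uint32_t insn)
{
    if ((insn & 0x7fu) != 0x73u)
        return EMU_NOT_CSR;
    unsigned rd = (insn >> 7) & 0x1f, funct3 = (insn >> 12) & 0x7;
    unsigned rs1 = (insn >> 15) & 0x1f, csr = insn >> 20;
    if (funct3 == 0 || funct3 == 4)  /* ecall/mret/wfi/... or reserved: not a CSR op */
        return EMU_NOT_CSR;
    if (!csr_is_virtualized(csr))
        return EMU_ILLEGAL;

    uint64_t old = vm->csr[csr];
    uint64_t src = (funct3 & 4) ? (uint64_t)rs1 : vm->regs[rs1];
    uint64_t newv = old;
    bool write = true;
    switch (funct3 & 3) {
    case 1: newv = src;        break;                   /* csrrw/csrrwi */
    case 2: newv = old | src;  write = rs1 != 0; break; /* csrrs/csrrsi: rs1=x0 is read-only */
    case 3: newv = old & ~src; write = rs1 != 0; break; /* csrrc/csrrci */
    }
    if (write)
        vm->csr[csr] = newv;  /* only the virtual copy changes */
    if (rd != 0)
        vm->regs[rd] = old;   /* firmware reads what it would read natively (equivalence) */
    vm->pc += 4;              /* skip the emulated instruction */
    return EMU_OK;
}

/* Monitor trap entry for an instruction trapped from the virtual firmware. On an
 * access the monitor refuses, deliver an illegal-instruction exception to the
 * virtual firmware through its own virtual mtvec/mepc/mcause/mtval. */
emu_result_t handle_trap(vfirmware_t *vm, uint32_t insn)
{
    emu_result_t r = emulate_csr(vm, insn);
    if (r == EMU_ILLEGAL) {
        vm->csr[CSR_MCAUSE] = CAUSE_ILLEGAL_INSN;
        vm->csr[CSR_MEPC]   = vm->pc;
        vm->csr[CSR_MTVAL]  = insn;
        vm->pc = vm->csr[CSR_MTVEC] & ~3ull;  /* direct mode: jump to the virtual trap vector */
    }
    return r;
}

void vm_reset(vfirmware_t *vm, uint64_t pc)
{
    memset(vm, 0, sizeof *vm);
    vm->pc = pc;
}

int main(void)
{
    static vfirmware_t vm;  /* static: the virtual CSR file is too large for a small stack */
    vm_reset(&vm, 0x80000000ull);
    vm.regs[5] = 0x80001000ull;                                  /* t0 = virtual handler address */
    handle_trap(&vm, csr_insn(1, 0, 5, CSR_MTVEC));              /* csrw   mtvec, t0 */
    handle_trap(&vm, csr_insn(6, 6, 8, CSR_MSTATUS));            /* csrrsi t1, mstatus, 8 */
    emu_result_t r = handle_trap(&vm, csr_insn(1, 0, 5, 0x3a0)); /* csrw pmpcfg0, t0: refused here */
    printf("mtvec=%#llx mstatus=%#llx refused=%d pc=%#llx\n",
           (unsigned long long)vm.csr[CSR_MTVEC], (unsigned long long)vm.csr[CSR_MSTATUS],
           r == EMU_ILLEGAL, (unsigned long long)vm.pc);
    return 0;
}
```

Compile with any C99 compiler; the demo in main issues a few constructed CSR instructions and prints the resulting virtual state. The point to notice is that the refused access does not crash or leak into the monitor: it is redirected to the firmware's own virtual mtvec exactly as hardware would redirect a native illegal instruction.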
Finally, we conclude with use cases for which firmware virtualization could be useful, such as security, debugging, and consolidation.
Charly is a PhD candidate at EPFL focusing on confidential computing, virtualization, and system security in general.
He worked on blocking transient-execution attacks on ARM CCA as part of the System Research group at Google, on a new and portable security monitor for x86 and RISC-V platforms, and on data migration for Intel SGX enclaves. Most recently, he is looking into firmware security and how firmware can be trusted by less privileged software.