Hi,

We are proud to announce the availability of Muen version 0.7. The following major features and improvements have been implemented since the last announcement:

=== Support for Genode VM subjects

Through the close collaboration with Genode Labs in Dresden [1], the Genode OS framework has been ported to run as a subject on top of the Muen separation kernel. This allows the robust combination of the static, low-complexity Muen SK with the feature-rich and extensive Genode ecosystem. The result is a flexible platform for the construction of component-based high-assurance systems. For more information about our work in this area see the Genode release notes [2].

=== Subject time mechanism

Giving untrusted subjects access to high-resolution time sources is often problematic from a security perspective as it provides a way to measure subtle timing differences in execution behavior, enabling side-channel attacks. One mechanism to make such attacks harder is to provide only coarse-grained time sources to untrusted code.

To this end we implemented a time virtualization mechanism by providing a timeserver component in SPARK 2014, which exports time information with microsecond granularity via shared memory. Only the timeserver has access to the TSC high-resolution timer of the CPU and the Real-Time Clock (CMOS/RTC). Other subjects derive the absolute and relative time from the exported values without the need to access hardware time sources. For Linux, we implemented a paravirtualized TSC driver and CMOS/RTC emulation in the associated subject monitor (SM).

=== Hardware and platform policy abstractions

The XML system policy has been augmented with hardware resource and platform description abstractions. The hardware section describes the hardware resources provided by the target machine and can be automatically generated using the mugenhwcfg [3] tool. By providing an automated mechanism for hardware information collection, the process of supporting new target hardware has been greatly simplified.

Using the platform layer, a unified view of the hardware resources across different physical machines can be achieved. This enables integrators to deploy the same system policy across a wide range of hardware targets.

=== Linux virtual filesystem and network interface drivers

The muenfs [4] Linux kernel module implements a virtual file system that facilitates user-space access to inter-subject memory channels. Filesystem operations are used to exchange data with other subjects.

The muennet [5] Linux kernel module implements a virtual network interface driver which sends and receives data via shared memory channels. From the perspective of a Linux user-space application, a network interface created using the muennet kernel module behaves just like an ordinary network interface.

These new modules enable applications running on Linux to conveniently communicate and interact with other subjects of a component-based system running on Muen.

Further changes and improvements include:

* Support for Message Signaled Interrupts (MSI)
* Debugserver subject written in Ada 2012
* VT subject written in Ada 2012
* Various toolchain improvements and optimizations

One particularly exciting aspect of our work related to the aforementioned Genode framework is that we were able to utilize the base-hw x86_64_muen kernel port to execute 32-bit Windows (7-10) guest VMs using the Genode VirtualBox support on top of Muen. To achieve this, we implemented a VirtualBox hardware execution layer for hw_x86_64_muen. We plan to pursue this line of work in order to properly integrate Windows VM support as a feature of Muen.

The mugenhwcfg tool for automated generation of hardware configuration is the result of a 12-week internship by Chen Chin Jieh, a student from the Nanyang Technological University Singapore. We are very happy with the result and would like to thank him for his contribution to the Muen project.

Further information about Muen is available on the project website [6] and the git repository can be found at [7].

Please feel free to give the latest development version of Muen a try. Feedback is much appreciated!

Kind regards,
- reto

[1] - http://genode-labs.com/
[2] - http://genode.org/documentation/release-notes/15.08
[3] - http://git.codelabs.ch/?p=muen/mugenhwcfg.git
[4] - http://git.codelabs.ch/?p=muen/linux/muenfs.git
[5] - http://git.codelabs.ch/?p=muen/linux/muennet.git
[6] - http://muen.codelabs.ch/
[7] - http://git.codelabs.ch/?p=muen.git
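
The coarse-grained time export described under "Subject time mechanism", sketched as an added example that is not code from Muen or from this announcement. The page layout, the seqlock update scheme and all names are assumptions, and the TSC and boot-time values are constructed.

```c
#include <stdatomic.h>
#include <stdint.h>
/* Hypothetical page layout (not Muen's): timeserver writes, subjects read. */
struct time_page {
    _Atomic uint32_t seq;        /* odd while an update is in progress */
    _Atomic uint64_t epoch_us;   /* absolute time at boot, microseconds */
    _Atomic uint64_t uptime_us;  /* time since boot, microseconds */
};

/* Convert raw ticks to whole microseconds without 64-bit overflow. */
uint64_t tsc_to_us(uint64_t tsc, uint64_t tsc_khz)
{
    return (tsc / tsc_khz) * 1000 + (tsc % tsc_khz) * 1000 / tsc_khz;
}

/* Timeserver side: the only code that ever sees the raw TSC value. */
void timeserver_publish(struct time_page *p, uint64_t tsc, uint64_t tsc_khz)
{
    uint32_t s = atomic_load_explicit(&p->seq, memory_order_relaxed);
    atomic_store_explicit(&p->seq, s + 1, memory_order_relaxed);
    atomic_thread_fence(memory_order_release);
    atomic_store_explicit(&p->uptime_us, tsc_to_us(tsc, tsc_khz),
                          memory_order_relaxed);
    atomic_store_explicit(&p->seq, s + 2, memory_order_release);
}

/* Subject side: retry until a consistent snapshot is read (seqlock). */
uint64_t subject_now_us(struct time_page *p)
{
    uint32_t s0, s1;
    uint64_t now;
    do {
        s0 = atomic_load_explicit(&p->seq, memory_order_acquire);
        now = atomic_load_explicit(&p->epoch_us, memory_order_relaxed)
            + atomic_load_explicit(&p->uptime_us, memory_order_relaxed);
        atomic_thread_fence(memory_order_acquire);
        s1 = atomic_load_explicit(&p->seq, memory_order_relaxed);
    } while (s0 != s1 || (s0 & 1));
    return now;
}

/* Elapsed time a subject can observe between two raw TSC instants. */
uint64_t observed_delta_us(uint64_t tsc_a, uint64_t tsc_b, uint64_t tsc_khz)
{
    static struct time_page page = { .epoch_us = 1456140000000000ULL };
    timeserver_publish(&page, tsc_a, tsc_khz);   /* constructed boot time */
    uint64_t a = subject_now_us(&page);
    timeserver_publish(&page, tsc_b, tsc_khz);
    return subject_now_us(&page) - a;
}
```

At an assumed 2.4 GHz TSC, two instants 300 cycles apart are indistinguishable to the subject, while a gap that crosses a microsecond boundary shows up only as a whole microsecond.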