| | 4 | |
| | 5 | == Embedded Virtualization and Security == |
| | 6 | |
| | 7 | * [http://embeddedinnovator.com/securing-smart-grid-devices Securing Smart Grid Devices - Using Virtualization to Protect the Grid] |
| | 8 | * 智慧電網的資料風險包括: - Data at risk includes: |
| | 9 | * 診斷資訊 Diagnostic information |
| | 10 | * 維護資訊 Maintenance information |
| | 11 | * 身份識別 Identification (potentially including personal information) |
| | 12 | * 帳單資訊 Billing data |
| | 13 | * 系統狀態 System status |
| | 14 | * 降低風險方案一:建立實體隔離的網路 - build physically separate secure and non-secure devices and networks. - 缺點:佈署成本太高!! |
| | 15 | * 降低風險方案二:透過嵌入式虛擬化進行隔離 - leverage embedded virtualization to run both secure and non-secure software on the same device. |
| | 16 | * 優點一:降低佈署成本 |
| | 17 | * 優點二:縮短系統安全驗證時間與人力成本 - Validating system security is a tedious, costly, and time-consuming task, and the effort required grows considerably for complex systems. A secure hypervisor can simplify matters by separating security-critical functions into trusted partitions and less critical software into non-trusted partitions. |
| | 18 | * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-1_thumb.png)]] |
| | 19 | * 虛擬化資安隔離需要內部通訊 - Communication between partitions is a key requirement for virtualized systems since there is always a need to transfer data and control from trusted partitions to non-trusted partitions. |
| | 20 | * 因此 hypervisor 必須提供 Secure Inter-Process Communication (Secure IPC or SIPC) |
| | 21 | * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-2.png)]] |
| | 22 | * 外部通訊部份則需要 Multiple Single-Level (MSL) networking. 像是 802.1Q for virtual LANs 會使用類似 QoS 的 Tag 封包,讓不同機敏性的資料縱使在同一個實體網路傳輸,也是安全的。 |
| | 23 | * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-3_thumb.png)]] |
