Changes between Version 1 and Version 2 of jazz/10-09-09

Timestamp:

Sep 9, 2010, 10:12:00 AM (14 years ago)

Author:

jazz

Comment:

--

jazz/10-09-09

@@ -2 +2 @@
 
  * [https://docs.google.com/present/view?id=ddqtts2d_396cf7pj4g8 Web Tools for Blended Learning:  Experiences in a real-world teaching] - 分享如何用 Web 2.0 的工具來提昇教學品質
+
+== Embedded Virtualization and Security ==
+
+ * [http://embeddedinnovator.com/securing-smart-grid-devices Securing Smart Grid Devices - Using Virtualization to Protect the Grid]
+   * 智慧電網的資料風險包括: - Data at risk includes:
+    * 診斷資訊 Diagnostic information
+    * 維護資訊 Maintenance information
+    * 身份識別 Identification (potentially including personal information)
+    * 帳單資訊 Billing data
+    * 系統狀態 System status
+   * 降低風險方案一：建立實體隔離的網路 - build physically separate secure and non-secure devices and networks. - 缺點：佈署成本太高!!
+   * 降低風險方案二：透過嵌入式虛擬化進行隔離 - leverage embedded virtualization to run both secure and non-secure software on the same device.
+     * 優點一：降低佈署成本
+     * 優點二：縮短系統安全驗證時間與人力成本 - Validating system security is a tedious, costly, and time-consuming task, and the effort required grows considerably for complex systems. A secure hypervisor can simplify matters by separating security-critical functions into trusted partitions and less critical software into non-trusted partitions. 
+   * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-1_thumb.png)]]
+   * 虛擬化資安隔離需要內部通訊 - Communication between partitions is a key requirement for virtualized systems since there is always a need to transfer data and control from trusted partitions to non-trusted partitions.
+   * 因此 hypervisor 必須提供 Secure Inter-Process Communication (Secure IPC or SIPC)
+   * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-2.png)]]
+   * 外部通訊部份則需要 Multiple Single-Level (MSL) networking. 像是 802.1Q for virtual LANs 會使用類似 QoS 的 Tag 封包，讓不同機敏性的資料縱使在同一個實體網路傳輸，也是安全的。
+   * [[Image(http://cloud1.opensystemsmedia.com/wind-river-figure-3_thumb.png)]]