ZTHA: A Zero Trust Hypervisor Architecture for Software-Defined Vehicle HPC
  • Lim, Seong Hyeon
  • Oh, Sung Bhin
  • Do, Young Soo
  • Kim, Young Min
  • Suh, Beom Gi
  • ... Jeon, Jae Wook
  • and 2 others
Citations (SCOPUS): 0

Abstract

This paper proposes the Zero Trust Hypervisor Architecture (ZTHA) to simultaneously achieve security and real-time performance in the High-Performance Computing (HPC) environment of Software-Defined Vehicles (SDV). ZTHA applies the principle of separating the Control Plane and the Data Plane at the hypervisor level. All new communication sessions are strictly verified by a Gateway VM (the Control Plane) against multi-layered security policies, including VM identity and service access rights. Once a session is verified, its subsequent data packets are transmitted with low latency at near hardware line-rate speeds through a Fast Path established in Open vSwitch (OVS). This "verify first, then accelerate" approach pragmatically implements the principle of Zero Trust while minimizing performance degradation for real-time communications. Experimental results from a prototype demonstrate that ZTHA significantly improves Round-Trip Time (RTT), throughput, and jitter compared to conventional methods, and shows resilience by maintaining the stability of critical systems under attack loads. This study validates that ZTHA is an effective architecture for providing both robust security and deterministic real-time performance in the complex mixed-criticality environments of SDVs.

Keywords

Automotive Security; Hypervisor; Zero Trust
Title
ZTHA: A Zero Trust Hypervisor Architecture for Software-Defined Vehicle HPC
Authors
Lim, Seong Hyeon; Oh, Sung Bhin; Do, Young Soo; Kim, Young Min; Suh, Beom Gi; Lee, Chae Eun; Kwon, Kyung Dong; Jeon, Jae Wook
DOI
10.1109/ICCE-Asia67487.2025.11263576
Publication date
2025
Type
Conference Paper
Journal name
2025 IEEE/IEIE International Conference on Consumer Electronics-Asia, ICCE-Asia 2025