An extensible secure OS architecture for embedded systems

Ning Li, Yuki Kinebuchi, Hiromasa Shimada, Tatsuo Nakajima

    Research output: Contribution to journal › Article

    1 Citation (Scopus)

    Abstract

    Some recent research has shown that running a monitoring service outside the target system, above a hypervisor, is an efficient way to protect the target system. The hypervisor isolates the monitoring service using MMU-based methods to improve security. However, the MMU-based method can cause heavy overhead when there is no hardware support, which makes it not viable for embedded processors, which are rarely equipped with hardware virtualization extensions. In addition, vulnerabilities in hypervisors may compromise the isolation. In this paper, we propose a secure OS architecture that fits embedded systems without depending on a hypervisor. It provides robust isolation between the monitoring service and the guest OS based on local memory, a hardware feature. To generalize this architecture, we adopt a secure pager that virtually extends the (physically small) local memory space by a swap mechanism with integrity checking of the monitoring service. The secure pager can also update the monitoring service to extend its monitoring functions without disturbing the running guest OS. Comprehensive evaluations are made in our framework with one instance of embedded Linux as the guest OS and an isolated monitoring service running with the secure pager. The results demonstrate the functions of the secure pager and its influence on Linux in our system. On processors with a suitable architecture, we can build an extensible secure OS architecture with reasonable resource consumption, without imposing heavy overhead on the guest OS.

    Original language: English
    Pages (from-to): 650-659
    Number of pages: 10
    Journal: Journal of Information Processing
    Volume: 21
    Issue number: 4
    DOIs: 10.2197/ipsjjip.21.650
    Publication status: Published - 2013

    Fingerprint

    Embedded systems
    Monitoring
    Computer hardware
    Data storage equipment
    Hardware

    Keywords

    • Embedded systems
    • Multi-core
    • Secure architecture

    ASJC Scopus subject areas

    • Computer Science(all)

    Cite this

    An extensible secure OS architecture for embedded systems. / Li, Ning; Kinebuchi, Yuki; Shimada, Hiromasa; Nakajima, Tatsuo.

    In: Journal of Information Processing, Vol. 21, No. 4, 2013, p. 650-659.


    Li, Ning ; Kinebuchi, Yuki ; Shimada, Hiromasa ; Nakajima, Tatsuo. / An extensible secure OS architecture for embedded systems. In: Journal of Information Processing. 2013 ; Vol. 21, No. 4. pp. 650-659.
    @article{1d5cc2202fd44318bfa1790919acbab4,
    title = "An extensible secure OS architecture for embedded systems",
    keywords = "Embedded systems, Multi-core, Secure architecture",
    author = "Ning Li and Yuki Kinebuchi and Hiromasa Shimada and Tatsuo Nakajima",
    year = "2013",
    doi = "10.2197/ipsjjip.21.650",
    language = "English",
    volume = "21",
    pages = "650--659",
    journal = "Journal of Information Processing",
    issn = "0387-5806",
    publisher = "Information Processing Society of Japan",
    number = "4",
    }

    TY - JOUR

    T1 - An extensible secure OS architecture for embedded systems

    AU - Li, Ning

    AU - Kinebuchi, Yuki

    AU - Shimada, Hiromasa

    AU - Nakajima, Tatsuo

    PY - 2013

    Y1 - 2013


    KW - Embedded systems

    KW - Multi-core

    KW - Secure architecture

    UR - http://www.scopus.com/inward/record.url?scp=84885711682&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84885711682&partnerID=8YFLogxK

    U2 - 10.2197/ipsjjip.21.650

    DO - 10.2197/ipsjjip.21.650

    M3 - Article

    AN - SCOPUS:84885711682

    VL - 21

    SP - 650

    EP - 659

    JO - Journal of Information Processing

    JF - Journal of Information Processing

    SN - 0387-5806

    IS - 4

    ER -