Enhancing security of embedded linux on a multi-core processor

Ning Li, Yuki Kinebuchi, Tatsuo Nakajima

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    3 Citations (Scopus)

    Abstract

    While recent embedded systems start to own more and more functionalities, security requirements become more and more important. In this paper we propose an approach to enhance the security of embedded systems. In this approach SPUMONE, a thin virtualization layer, is selected to build a multi-OS environment for its low overhead. Xv6 runs as trusted OS for executing the monitoring service that detects the violation of the integrity of the Linux kernel while Linux as a general purpose OS. The monitoring service checks whether Linux is compromised or not. A secure pager that offers the spatial isolation based on the core-local memory is proposed to protect the integrity of the xv6 kernel located in the main memory, which can make Linux and xv6 run in high security level.

    Original languageEnglish
    Title of host publicationProceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011
    Pages117-121
    Number of pages5
    Volume2
    DOIs
    Publication statusPublished - 2011
    Event1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011 - Toyama
    Duration: 2011 Aug 282011 Aug 31

    Other

    Other1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011
    CityToyama
    Period11/8/2811/8/31

    Fingerprint

    Embedded systems
    Data storage equipment
    Monitoring
    Linux
    Virtualization

    ASJC Scopus subject areas

    • Computer Science Applications
    • Computer Networks and Communications

    Cite this

    Li, N., Kinebuchi, Y., & Nakajima, T. (2011). Enhancing security of embedded linux on a multi-core processor. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011 (Vol. 2, pp. 117-121). [6029887] https://doi.org/10.1109/RTCSA.2011.36

    Enhancing security of embedded linux on a multi-core processor. / Li, Ning; Kinebuchi, Yuki; Nakajima, Tatsuo.

    Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2 2011. p. 117-121 6029887.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Li, N, Kinebuchi, Y & Nakajima, T 2011, Enhancing security of embedded linux on a multi-core processor. in Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. vol. 2, 6029887, pp. 117-121, 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Co-located with the 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011, Toyama, 11/8/28. https://doi.org/10.1109/RTCSA.2011.36
    Li N, Kinebuchi Y, Nakajima T. Enhancing security of embedded linux on a multi-core processor. In Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2. 2011. p. 117-121. 6029887 https://doi.org/10.1109/RTCSA.2011.36
    Li, Ning ; Kinebuchi, Yuki ; Nakajima, Tatsuo. / Enhancing security of embedded linux on a multi-core processor. Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011. Vol. 2 2011. pp. 117-121
    @inproceedings{ebd51836f9c041dfbf374df09ca79692,
    title = "Enhancing security of embedded linux on a multi-core processor",
    abstract = "While recent embedded systems start to own more and more functionalities, security requirements become more and more important. In this paper we propose an approach to enhance the security of embedded systems. In this approach SPUMONE, a thin virtualization layer, is selected to build a multi-OS environment for its low overhead. Xv6 runs as trusted OS for executing the monitoring service that detects the violation of the integrity of the Linux kernel while Linux as a general purpose OS. The monitoring service checks whether Linux is compromised or not. A secure pager that offers the spatial isolation based on the core-local memory is proposed to protect the integrity of the xv6 kernel located in the main memory, which can make Linux and xv6 run in high security level.",
    author = "Ning Li and Yuki Kinebuchi and Tatsuo Nakajima",
    year = "2011",
    doi = "10.1109/RTCSA.2011.36",
    language = "English",
    isbn = "9780769545028",
    volume = "2",
    pages = "117--121",
    booktitle = "Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011",

    }

    TY - GEN

    T1 - Enhancing security of embedded linux on a multi-core processor

    AU - Li, Ning

    AU - Kinebuchi, Yuki

    AU - Nakajima, Tatsuo

    PY - 2011

    Y1 - 2011

    N2 - While recent embedded systems start to own more and more functionalities, security requirements become more and more important. In this paper we propose an approach to enhance the security of embedded systems. In this approach SPUMONE, a thin virtualization layer, is selected to build a multi-OS environment for its low overhead. Xv6 runs as trusted OS for executing the monitoring service that detects the violation of the integrity of the Linux kernel while Linux as a general purpose OS. The monitoring service checks whether Linux is compromised or not. A secure pager that offers the spatial isolation based on the core-local memory is proposed to protect the integrity of the xv6 kernel located in the main memory, which can make Linux and xv6 run in high security level.

    AB - While recent embedded systems start to own more and more functionalities, security requirements become more and more important. In this paper we propose an approach to enhance the security of embedded systems. In this approach SPUMONE, a thin virtualization layer, is selected to build a multi-OS environment for its low overhead. Xv6 runs as trusted OS for executing the monitoring service that detects the violation of the integrity of the Linux kernel while Linux as a general purpose OS. The monitoring service checks whether Linux is compromised or not. A secure pager that offers the spatial isolation based on the core-local memory is proposed to protect the integrity of the xv6 kernel located in the main memory, which can make Linux and xv6 run in high security level.

    UR - http://www.scopus.com/inward/record.url?scp=84855549779&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84855549779&partnerID=8YFLogxK

    U2 - 10.1109/RTCSA.2011.36

    DO - 10.1109/RTCSA.2011.36

    M3 - Conference contribution

    SN - 9780769545028

    VL - 2

    SP - 117

    EP - 121

    BT - Proceedings - 1st International Workshop on Cyber-Physical Systems, Networks, and Applications, CPSNA 2011, Workshop Held During RTCSA 2011

    ER -