Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on TrustZone. Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang. Presented by: Chris Massie.


Slide 1: Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on TrustZone. Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang. Presented by: Chris Massie.

Introduction
- Diversified network computing resources rely on embedded technology, in areas such as governmental infrastructures and economic practices.
- Embedded systems often serve as supporting components and play an important role for many applications and services.
- Security problems in embedded systems often make them counterproductive, so security is very important in many embedded systems.

Security Principles
Security is based on five essential principles, which together are supposed to guarantee the correct execution of both the program and the communication:
1.) Confidentiality
- Only the entities involved in the execution or communication can have access to the data.
- Prevents sensitive system information from unauthorized access and intentional abuse.
2.) Integrity
- A message must not be damaged during transfer.
- Guarantees critical files and data against deletion and modification in unauthorized ways.
- Provides tamper-proofing protection for applications and services on embedded operating systems against malicious code and viruses.
3.) Availability
- Defends the whole system against attacks and ensures authorized, legitimate access.

Security Principles (cont.)
4.) Authenticity
- The entity must be sure that the message comes from the right entity.
- The system must trust the program source code.
5.) Non-repudiation
- The entities involved in the exchange must not be able to deny the exchange.
The authors only place emphasis on Confidentiality, Integrity, and Availability.

Security Solutions for Embedded Systems
- Current embedded systems suffer a large number of penetrations and threats, due to the intrinsic weakness of the hardware structure and the unassured security status of the OS.
- Security solutions like IDS (Intrusion Detection Systems) and firewalls can claim to carry out secure reinforcement, but internal vulnerabilities seriously impair the effectiveness of these external solutions: the whole system is still exposed to malicious communities, and the embedded system would fail to guard the applications and services built on it.
- Trustworthy computing techniques are maturing; schemes are becoming possible for effectively solving deficiencies of the computer architecture and enhancing the security of embedded systems.
- Depending on trustworthy hardware and secure OSs, a viable security framework is presented.

Trusted Hardware Technology
- Security solutions based on trustworthy hardware technology include the AEGIS secure processor, the eXecute Only Memory (XOM) technique, and the TrustZone secure processor architecture.
- TrustZone assumes that a complete secure solution is not feasible; the goal is to secure only some parts of the architecture and data.
- TrustZone assumes and requires an architecture with a secure core and a secure portion within the memory, and implements zone isolation by a unique secure zone (the trusted zone).
- TrustZone develops a high-level software architecture supported by hardware protection; it has been widely recognized as a trusted computing base and successfully used.
- The paper presents a TrustZone-based secure enhancement framework for embedded systems.

TrustZone
- TrustZone implements zone isolation by using a trusted zone.
- The trusted zone establishes the connection between user mode and kernel mode and has a higher privilege level than kernel mode.
- It is not an exclusive zone, but a zone in which kernel mode or user mode applications run.
- A monitor module controls switching between the normal zone and the trusted zone; it also protects context switching and supervises all tasks in the processor in real time.
- If a secure request is captured, the request is encrypted in the normal zone and then stored in a shared part assigned by the secure kernel.

TrustZone (cont.)
- Once the request is verified, the monitor module records the non-secure states and then switches the monitoring session to the trusted zone, like a context switch.
- The monitor module prevents data in the trusted zone from infiltrating into the normal zone.
- This is all achieved by hardware, not by the OS.
- The TrustZone architecture provides a secure hardware base for many OSs, such as embedded Linux and Windows CE.

Embedded Linux System Security
- For embedded Linux systems, OS security determines the security level of the applications and of the whole system.
- The access control mechanism plays an essential role in OS security and is the main content of the OS's security mechanisms; its vulnerability is the main cause of threats to confidentiality and integrity.
- Discretionary access control (DAC) is the simple access control mechanism adopted in embedded Linux, and it is prone to attack by malicious programs.
- Security can't be assured by having only an embedded Linux OS; to improve the security of embedded systems, the access control must be security-enhanced.

Multi-policy Mandatory Access Control
- Mandatory access control (MAC) mechanisms can ensure the confidentiality and integrity of a system.
- Two security models are used to enhance access control: the Domain and Type Enforcement (DTE) model and the Bell-La Padula (BLP) model.
- DTE provides a MAC with the same security level as that of BLP.
- The paper designs a joint MAC mechanism based on both DTE and BLP: the DTE model ensures the integrity of the system, and the improved BLP model ensures the confidentiality of the system.

Domain and Type Enforcement (DTE)
- DTE is a table-based access control method that implements integrity independently of trusted users.
- All subjects (processes) in the system are associated with a domain; all objects (resources) are associated with a type.
- DTE establishes a domain definition table that describes the operation rights of each domain on the different types of resources. The system searches the table, and if the access request is allowed, the process can access the needed resource.
- A domain interaction table defines the allowed access modes between domains.

Bell-La Padula (BLP)
- The BLP model is a state machine model: system states are defined, and transition rules between states are defined.
- It groups entities within the system into different access levels, classifying subjects and objects into different levels and categories.
- In the multi-security-policy model, the authors modified the BLP rules to create an enhanced version: the "reading up" of BLP is given an integrity requirement, and by restricting "over writing", only append mode is allowed to implement "reading up", so as to prohibit a covert channel.
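The three preceding slides (the joint MAC mechanism, the DTE tables and the BLP rules) describe one access decision in words. The following is an added example, not code from the paper or from any Linux security module, that carries the decision through in Python: a request is granted only when the DTE domain definition table permits the operation on the object's type and the BLP label rules permit it. The domain, type and level names, the sample tables, and the choice to allow a write to a strictly higher-level object only in append mode (so an existing higher-level object cannot be overwritten) are constructed assumptions.

```python
"""Joint DTE + BLP mandatory access control decision (added example).

Constructed for illustration; the tables, names and the append-only rule
for writes to a strictly higher level are assumptions, not the paper's.
"""
from dataclasses import dataclass

# ---- Domain and Type Enforcement (integrity) ----------------------------
# Domain definition table: domain -> object type -> permitted operations.
DOMAIN_DEFINITION = {
    "user_d":   {"user_t": {"read", "write", "append"}, "log_t": {"append"}},
    "daemon_d": {"log_t": {"read", "append"}, "conf_t": {"read"}},
    "admin_d":  {"user_t": {"read", "write", "append"},
                 "log_t":  {"read", "write", "append"},
                 "conf_t": {"read", "write", "append"}},
}
# Domain interaction table: domain -> domains it is allowed to interact with.
DOMAIN_INTERACTION = {
    "user_d":   {"daemon_d"},
    "daemon_d": set(),
    "admin_d":  {"user_d", "daemon_d"},
}


def dte_allows(domain: str, obj_type: str, op: str) -> bool:
    """Look up the domain definition table; an unknown domain or type means deny."""
    return op in DOMAIN_DEFINITION.get(domain, {}).get(obj_type, set())


def dte_interaction_allowed(src_domain: str, dst_domain: str) -> bool:
    """Look up the domain interaction table for domain-to-domain access."""
    return dst_domain in DOMAIN_INTERACTION.get(src_domain, set())


# ---- Bell-La Padula (confidentiality) -----------------------------------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()


def dominates(a: Label, b: Label) -> bool:
    """a dominates b when its level is at least b's and it holds all of b's categories."""
    return LEVELS[a.level] >= LEVELS[b.level] and b.categories <= a.categories


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        # Simple security property: no read up.
        return dominates(subject, obj)
    if op in ("write", "append"):
        # *-property: no write down.
        if not dominates(obj, subject):
            return False
        # Same label: full write access.
        if obj == subject:
            return True
        # Strictly higher-level object: append only, so the existing contents
        # cannot be overwritten (assumed reading of the slides' restriction).
        return op == "append"
    return False


# ---- Joint decision: both policies must agree ---------------------------
def mac_decision(subj_domain, subj_label, obj_type, obj_label, op):
    """Return (allowed, reason). The DTE table is checked first, then the BLP rules."""
    if not dte_allows(subj_domain, obj_type, op):
        return False, f"DTE: domain {subj_domain} lacks '{op}' on type {obj_type}"
    if not blp_allows(subj_label, obj_label, op):
        return False, f"BLP: '{op}' from {subj_label.level} to {obj_label.level} violates the model"
    return True, "allowed by both DTE and BLP"


if __name__ == "__main__":
    user = Label("confidential")
    secret_log = Label("secret")
    for req in [("user_d", user, "user_t", user, "read"),
                ("user_d", user, "log_t", secret_log, "write"),
                ("user_d", user, "log_t", secret_log, "append"),
                ("daemon_d", Label("unclassified"), "conf_t", secret_log, "read")]:
        print(req[0], req[4], req[2], "->", mac_decision(*req))
```

The order of the two checks does not change the outcome, only the reason reported; either policy alone denying the request is enough, which is what makes the combination at least as restrictive as each model on its own.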

Linux Security Module (LSM)
- The Linux Security Module (LSM) framework is embedded in the Linux 2.6 kernel, so there is a uniform means of implementing mandatory access mechanisms.
- The security-enhanced embedded Linux OS uses the LSM framework, adopts the security policies of the BLP and DTE models, utilizes security module stacking technology, and assigns security labels to processes and resources in the system to implement MAC.
- This is more secure than DAC, the simple access control mechanism of embedded Linux.

Linux Security Module (LSM) (cont.)
- The domain/type implements the security policy of DTE; the BLP policy improves the confidentiality of the system.
- Therefore, the reinforced operating system ensures the secure implementation of the TrustZone architecture.
- The secure embedded system architecture based on the TrustZone technique and the secure Linux OS is shown in the figure.

Secure Embedded System Architecture
- The normal zone applies the BLP and DTE policies to avoid malicious trespasses, thus assuring the confidentiality and integrity of the whole system.
- General apps belonging to the normal zone run on the secure embedded Linux system.
- Secure Monitor Interrupt (SMI) instructions are called for apps to visit the trusted zone: secure applications call the TrustZone access control driver and SMI to perform trusted processes.
- The monitor establishes secure switching between the normal zone and the trusted zone.
- Trusted applications belonging to the trusted zone run directly on the secure kernel, supported by the TrustZone technique to achieve the necessary protection and access control for applications.
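The two TrustZone slides and the architecture slide above describe one request path: the normal zone places a request in a shared area assigned by the secure kernel, the monitor verifies it, records the non-secure state, switches to the trusted zone, and restores the state on return so that nothing from the trusted zone leaks back. The following Python model is an added example, constructed for illustration; it is not code from the paper, from ARM, or from any TrustZone firmware. The register file, the shared buffer layout, the request format, the SMI entry point and the HMAC tag the monitor checks are all assumptions, and the tag stands in for the encryption of the request that the slides mention.

```python
"""Model of the normal zone -> monitor -> trusted zone request path (added example).

Constructed for illustration only; every structure here is an assumption.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

REQUEST_KEY = b"constructed-demo-key"  # assumed: provisioned to both zones at build time


@dataclass
class CpuState:
    world: str = "normal"
    registers: dict = field(default_factory=dict)


@dataclass
class SharedBuffer:
    """Memory region assigned by the secure kernel for passing requests and replies."""
    request: tuple = None
    reply: str = None


def tag_request(msg: bytes) -> bytes:
    return hmac.new(REQUEST_KEY, msg, hashlib.sha256).digest()


class NormalZone:
    """Untrusted side: builds a tagged request and places it in the shared buffer."""
    def submit(self, buf: SharedBuffer, op: str, arg: str) -> None:
        msg = f"{op}:{arg}".encode()
        buf.request = (msg, tag_request(msg))


class SecureKernel:
    """Trusted side: holds a key that must never become visible to the normal zone."""
    def __init__(self):
        self.device_key = "CONSTRUCTED-DEVICE-KEY"

    def handle(self, msg: bytes) -> str:
        op, _, arg = msg.decode().partition(":")
        if op == "sign":
            return hashlib.sha256((self.device_key + arg).encode()).hexdigest()
        return "unsupported"


class Monitor:
    """SMI handler: verify the request, record non-secure state, switch, service, restore."""
    def __init__(self, secure: SecureKernel):
        self.secure = secure
        self.log = []

    def smi(self, cpu: CpuState, buf: SharedBuffer) -> CpuState:
        msg, tag = buf.request
        if not hmac.compare_digest(tag, tag_request(msg)):
            self.log.append("rejected: bad tag")
            buf.reply = None
            return cpu                                   # stay in the normal zone
        saved = dict(cpu.registers)                      # record the non-secure state
        cpu.world, cpu.registers = "trusted", {}
        cpu.registers["r0"] = self.secure.device_key     # trusted-zone work touches secrets
        buf.reply = self.secure.handle(msg)
        cpu.world, cpu.registers = "normal", saved       # restore; trusted registers are dropped
        self.log.append("serviced")
        return cpu


def run_request(op: str, arg: str, tamper: bool = False) -> dict:
    """Drive one request through the model and report what the normal zone sees afterwards."""
    cpu = CpuState(registers={"r0": 0x11, "sp": 0x8000})
    buf, monitor = SharedBuffer(), Monitor(SecureKernel())
    NormalZone().submit(buf, op, arg)
    if tamper:                                           # request altered after it was tagged
        msg, tag = buf.request
        buf.request = (msg.replace(b"sign", b"dump"), tag)
    monitor.smi(cpu, buf)
    return {"world": cpu.world, "registers": cpu.registers,
            "reply": buf.reply, "log": monitor.log}


if __name__ == "__main__":
    print(run_request("sign", "boot-image"))
    print(run_request("sign", "boot-image", tamper=True))
```

The two properties worth checking after a run are the ones the slides attribute to the monitor: the normal-zone register state is identical before and after the switch, and the reply carries only the result of the trusted operation, never the key the trusted zone used to compute it.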

System Security Analysis
- The confidentiality and integrity of the authors' prototype system is guaranteed by the Linux Security Module (LSM) framework, which protects not only general apps but also secure apps in the normal zone.
- LSM provides mandatory access control, so general apps function only in the normal zone rather than in the trusted zone.
- Comparing a standard Linux kernel against the enhanced security kernel with LSM, the worst-case overhead was 9.4% for open/close and 11.8% for file deletion.
- The enhanced system employs SMI instructions to manage secure switching between the normal and trusted zones, to protect secure apps belonging to the normal zone.

Conclusion
- The enhanced security system successfully achieves a combination of a secure OS and trustworthy hardware techniques.
- The paper employs mandatory access control to operate an embedded Linux system on an enhanced security standard.
- It presents an embedded system security solution based on the TrustZone technique and secure embedded Linux.
- The proposed solution serves as a viable and effective way to settle security problems in embedded systems.