FIDES: an advanced chip multiprocessor platform for secure next generation mobile terminals

Authors:
Hiroaki Inoue;Akihisa Ikeno;Masaki Kondo;Junji Sakai;Masato Edahiro
Affiliations:
NEC Corporation, Kanagawa, Japan;NEC Informatec Systems, Ltd. , Kanagawa, Japan;NEC Informatec Systems, Ltd. , Kanagawa, Japan;NEC Corporation, Kanagawa, Japan;NEC Corporation, Kanagawa, Japan
Venue:
CODES+ISSS '05 Proceedings of the 3rd IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
Year:
2005

Citing 4
Cited 5

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
A user-mode port of the linux kernel

ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4

VIRTUS: a new processor virtualization architecture for security-oriented next-generation mobile terminals

Proceedings of the 43rd annual Design Automation Conference
Dynamic security domain scaling on symmetric multiprocessors for future high-end embedded systems

CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Processor virtualization for secure mobile terminals

ACM Transactions on Design Automation of Electronic Systems (TODAES)
FIDES: An advanced chip multiprocessor platform for secure next generation mobile terminals

ACM Transactions on Embedded Computing Systems (TECS)
Dynamic security domain scaling on embedded symmetric multiprocessors

ACM Transactions on Design Automation of Electronic Systems (TODAES)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a secure platform on a chip multiprocessor, known as FIDES, in order to enable next generation mobile terminals to execute downloaded native applications for Linux. Its most important feature is the higher security based on multi-grained separation mechanisms: coarse-grained processor-level separation of the basic-function domain from other domains for such downloaded applications, medium-grained OS-level separation, and fine-grained process-level separation within SELinux. Four new technologies, which include three enhancements to SELinux, support the FIDES platform: 1) bus filter logic for processor-level separation can be implemented as a small logic, 2) XIP kernels for memory-efficient OS-level separation can reduce memory requirements by 182%, 3) policy separation for enhanced process-level separation can apply policies 2.1 times faster at system boot-up, and 4) dynamic access control can provide secure Inter-Domain Communications (IDCs) with an overhead of only 4% for IDC system calls. We implemented SELinuxes on an ARM-based multiprocessor. Therefore, the best-suited platform to secure next generation mobile terminals is the FIDES platform, which can provide higher security as well as higher performance and lower power consumption on chip multiprocessors leading the current technology trend of microprocessors.