Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Integrating Flexible Support for Security Policies into the Linux Operating System
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
A user-mode port of the linux kernel
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Proceedings of the 43rd annual Design Automation Conference
Dynamic security domain scaling on symmetric multiprocessors for future high-end embedded systems
CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Processor virtualization for secure mobile terminals
ACM Transactions on Design Automation of Electronic Systems (TODAES)
FIDES: An advanced chip multiprocessor platform for secure next generation mobile terminals
ACM Transactions on Embedded Computing Systems (TECS)
Dynamic security domain scaling on embedded symmetric multiprocessors
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Hi-index | 0.00 |
We propose a secure platform on a chip multiprocessor, known as FIDES, in order to enable next generation mobile terminals to execute downloaded native applications for Linux. Its most important feature is the higher security based on multi-grained separation mechanisms: coarse-grained processor-level separation of the basic-function domain from other domains for such downloaded applications, medium-grained OS-level separation, and fine-grained process-level separation within SELinux. Four new technologies, which include three enhancements to SELinux, support the FIDES platform: 1) bus filter logic for processor-level separation can be implemented as a small logic, 2) XIP kernels for memory-efficient OS-level separation can reduce memory requirements by 182%, 3) policy separation for enhanced process-level separation can apply policies 2.1 times faster at system boot-up, and 4) dynamic access control can provide secure Inter-Domain Communications (IDCs) with an overhead of only 4% for IDC system calls. We implemented SELinuxes on an ARM-based multiprocessor. Therefore, the best-suited platform to secure next generation mobile terminals is the FIDES platform, which can provide higher security as well as higher performance and lower power consumption on chip multiprocessors leading the current technology trend of microprocessors.