Hardware-assisted security enhanced Linux in embedded systems: a proposal

WESS '10 Pub Date : 2010-10-24 DOI:10.1145/1873548.1873551

Leandro Fiorin, A. Ferrante, Konstantinos Padarnitsas, S. Carucci

{"title":"Hardware-assisted security enhanced Linux in embedded systems: a proposal","authors":"Leandro Fiorin, A. Ferrante, Konstantinos Padarnitsas, S. Carucci","doi":"10.1145/1873548.1873551","DOIUrl":null,"url":null,"abstract":"As computing and communications increasingly pervade our lives, security and protection of sensitive data and systems are emerging as extremely important issues. This is especially true for embedded systems, often operating in non-secure environments, and with limited amount of computational, storage, and communication resources available. In servers and desktop systems, Security Enhanced Linux (SELinux) is currently used as a method to enhance security by enforcing a security control based on policies that confine user programs, or processes, to the minimum amount of privileges that they require for their execution. While providing a powerful mean for enhancing security in UNIX-like systems, SELinux still remains a feature that is too heavy to be fully supported by constrained devices. In this paper, we propose a hardware architecture for enhancing security and accelerating retrieval and applications of SELinux policies in embedded processors. We describe the general ideas behind our work, discussing motivations, advantages, and limits of the solution proposed, while suggesting the main steps needed to implement the described architecture on common embedded processors.","PeriodicalId":114446,"journal":{"name":"WESS '10","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"WESS '10","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1873548.1873551","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

As computing and communications increasingly pervade our lives, security and protection of sensitive data and systems are emerging as extremely important issues. This is especially true for embedded systems, often operating in non-secure environments, and with limited amount of computational, storage, and communication resources available. In servers and desktop systems, Security Enhanced Linux (SELinux) is currently used as a method to enhance security by enforcing a security control based on policies that confine user programs, or processes, to the minimum amount of privileges that they require for their execution. While providing a powerful mean for enhancing security in UNIX-like systems, SELinux still remains a feature that is too heavy to be fully supported by constrained devices. In this paper, we propose a hardware architecture for enhancing security and accelerating retrieval and applications of SELinux policies in embedded processors. We describe the general ideas behind our work, discussing motivations, advantages, and limits of the solution proposed, while suggesting the main steps needed to implement the described architecture on common embedded processors.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

嵌入式系统中硬件辅助安全性增强的Linux:一个建议

随着计算和通信日益渗透到我们的生活中，敏感数据和系统的安全和保护已成为极其重要的问题。对于嵌入式系统来说尤其如此，因为嵌入式系统通常在不安全的环境中运行，并且可用的计算、存储和通信资源有限。在服务器和桌面系统中，安全增强型Linux (SELinux)目前被用作一种增强安全性的方法，它基于将用户程序或进程限制在其执行所需的最小权限的策略来实施安全控制。虽然为增强类unix系统中的安全性提供了一种强大的手段，但SELinux仍然是一个太重的特性，无法被受限的设备完全支持。在本文中，我们提出了一个硬件架构，以提高安全性和加快检索和应用SELinux策略在嵌入式处理器。我们描述了我们工作背后的一般思想，讨论了所提出的解决方案的动机、优点和限制，同时提出了在通用嵌入式处理器上实现所描述的体系结构所需的主要步骤。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

WESS '10

自引率

0.00%

发文量