10/17/2008
From imagination to impact
Kernel Design for Isolation and Assurance of Physical Memory
Dhammika Elkaduwe
Philip Derrin
Kevin Elphinstone

Embedded Systems
• Increasing functionality
• Increasing software complexity
– Millions of lines of code
– Mutually untrusted SW vendors
• Consolidate functionality
• Connectivity
– Attacks from outside
• No longer closed systems
– Download SW
IIES08/seL4 1

Embedded Systems
• Diverse applications
– Real-time vs. best effort
• Tight resource budgets
• Mission/life-critical applications
• Sensitive information
Reliability is paramount
IIES08/seL4 2

Small Kernel Approach
Figure: a layered system on a small kernel (e.g. microkernel) above the hardware; on the untrusted side a supervisor OS / Linux server, device drivers and legacy apps; on the trusted side trusted services, a device driver and sensitive apps
• Smaller, more trustworthy foundation
– Hypervisor, microkernel, isolation kernel, …
• Facilitate controlled integration and isolation
– Isolate: fault isolation, diversity
– Integrate: performance
IIES08/seL4 3A

Small Kernel Approach
• Microkernel should:
– Provide sufficient API
– Correct realisation of API
– Adhere to isolation/integration requirements of the system
IIES08/seL4 3B
Source: seL4-iies08.ppt, Computer Science and Engineering (cs9242/08/lectures/10-seL4x6.pdf)
Excerpt from a later slide: Need bookkeeping – doubly-linked list through capabilities; space allocated with capability tables
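The excerpt above (derivation bookkeeping kept as a doubly-linked list threaded through the capabilities themselves, with the space coming from the capability tables rather than a separate allocator) is the one concrete mechanism on this page. The C below is an added illustration of that idea, not seL4's code and not taken from the slides. It assumes a fixed 16-slot table, an integer object id standing in for a typed capability, and a depth counter to mark derived copies (seL4's actual encoding of ancestry differs); what it keeps is the property the slide names: every slot carries its own prev/next links, a derived copy is linked in immediately after its parent, and revocation walks the run of deeper entries that follows a capability without allocating anything.

```c
/*
 * Added illustration (not seL4's own code): a capability table whose slots
 * carry the derivation bookkeeping inline as a doubly-linked list.
 *
 * Assumptions: small fixed table, integer "object" ids, and a depth counter
 * to recognise descendants. seL4 encodes ancestry differently; the list and
 * the "descendants follow their parent" invariant are the shared idea.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NSLOTS 16

typedef struct {
    bool     valid;   /* slot holds a capability */
    uint32_t object;  /* hypothetical object id the cap names */
    uint32_t rights;  /* access-rights bitmask */
    uint32_t depth;   /* 0 for an original cap, parent depth + 1 for a copy */
    int      prev;    /* previous slot in derivation order, -1 at the head */
    int      next;    /* next slot in derivation order, -1 at the tail */
} slot_t;

typedef struct {
    slot_t slots[NSLOTS];
} ctable_t;

static bool in_range(int i) { return i >= 0 && i < NSLOTS; }

void ct_init(ctable_t *ct)
{
    for (int i = 0; i < NSLOTS; i++) {
        ct->slots[i].valid = false;
        ct->slots[i].prev = ct->slots[i].next = -1;
    }
}

/* Place an original (depth-0) capability in an empty slot. */
bool ct_create(ctable_t *ct, int i, uint32_t object, uint32_t rights)
{
    if (!in_range(i) || ct->slots[i].valid) return false;
    ct->slots[i] = (slot_t){ true, object, rights, 0, -1, -1 };
    return true;
}

/* Derive a copy of slot src into empty slot dst with a subset of its rights.
 * The copy is linked in right after its parent, so all descendants of a cap
 * form the contiguous run of deeper entries that follows it. */
bool ct_derive(ctable_t *ct, int src, int dst, uint32_t rights)
{
    if (!in_range(src) || !in_range(dst) || src == dst) return false;
    slot_t *p = &ct->slots[src], *c = &ct->slots[dst];
    if (!p->valid || c->valid) return false;
    if (rights & ~p->rights) return false;      /* no amplification of rights */
    *c = (slot_t){ true, p->object, rights, p->depth + 1, src, p->next };
    if (p->next != -1) ct->slots[p->next].prev = dst;
    p->next = dst;
    return true;
}

/* Unlink and clear one slot; callers revoke its descendants first. */
void ct_delete(ctable_t *ct, int i)
{
    if (!in_range(i) || !ct->slots[i].valid) return;
    slot_t *s = &ct->slots[i];
    if (s->prev != -1) ct->slots[s->prev].next = s->next;
    if (s->next != -1) ct->slots[s->next].prev = s->prev;
    s->valid = false;
    s->prev = s->next = -1;
}

/* Count the descendants of slot i: the run after it with greater depth. */
int ct_descendants(const ctable_t *ct, int i)
{
    if (!in_range(i) || !ct->slots[i].valid) return -1;
    int n = 0;
    for (int j = ct->slots[i].next;
         j != -1 && ct->slots[j].depth > ct->slots[i].depth;
         j = ct->slots[j].next)
        n++;
    return n;
}

/* Revoke: delete every descendant of slot i, keeping i. Returns the count. */
int ct_revoke(ctable_t *ct, int i)
{
    if (!in_range(i) || !ct->slots[i].valid) return -1;
    int n = 0, j = ct->slots[i].next;
    while (j != -1 && ct->slots[j].depth > ct->slots[i].depth) {
        int nxt = ct->slots[j].next;  /* read before the unlink */
        ct_delete(ct, j);
        j = nxt;
        n++;
    }
    return n;
}

int main(void)
{
    ctable_t ct;
    ct_init(&ct);
    ct_create(&ct, 0, 0x10, 0x7);   /* original cap, rights rwx */
    ct_derive(&ct, 0, 1, 0x3);      /* child, rw */
    ct_derive(&ct, 1, 2, 0x1);      /* grandchild, r */
    ct_derive(&ct, 0, 3, 0x4);      /* second child, x; lands right after 0 */
    printf("descendants of slot 0 before revoke: %d\n", ct_descendants(&ct, 0));
    printf("revoked via slot 0: %d\n", ct_revoke(&ct, 0));
    printf("descendants of slot 0 after revoke:  %d\n", ct_descendants(&ct, 0));
    return 0;
}
```

Two points to notice. The rights check in ct_derive is what makes the list a derivation tree and not just a copy log: a child can only narrow its parent's rights, so revoking the parent is guaranteed to remove everything that ever gained access through it. And because the links live inside the slots, the kernel never has to allocate during derive or revoke, which is the "space allocated with capability tables" remark on the slide: a failed allocation path simply does not exist here.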