Abstract
This paper discusses a research project that develops enhanced security protections for operating systems running on security enhanced microprocessors. Security tagging schemes are promising mechanisms for enhancing the security of computer systems. The idea of tagging schemes is to attach metadata tags to memory and registers to carry information about the data being tagged. This paper summarizes the features of these new microprocessors and discusses the use of these features in the design of enhanced operating system security for an exemplary real time operating system.
References
Burroughs Corporation, Detroit 32, Michigan. The Operational Characteristics of the Processors for the Burroughs B5000, revision a, 5000–21005 edn. (1962)
Dalton, M., Kannan, H., Kozyrakis, C.: Raksha: a flexible information flow architecture for software security. In: Proceedings of the 34th Annual International Symposium on Computer Architecture, vol. 35, pp. 482–493, May 2007
Fenton, J.S.: Memoryless subsystems. Comput. J. 17(2), 143–147 (1974)
Kannan, H., Dalton, M., Kozyrakis, C.: Decoupling dynamic information flow tracking with a dedicated coprocessor. In: Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 105–114. IEEE, Estoril, Lisbon, Portugal (2009)
On-Line Applications Research Corporation. RTEMS C User’s Guide, edition 4.10.1, for rtems 4.10.1 edn., July 2011
Qin, F., Wang, C., Li, Z., Kim, H.-S., Zhou, Y., Wu, Y.: LIFT: a low-overhead practical information flow tracking system for detecting security attacks. In: Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO-39 2006), pp. 135–148. IEEE Computer Society (2006)
Shioya, R., Kim, D., Horio, K., Goshima, M., Sakai, S.: Low-overhead architecture for security tag. In: Proceedings of the 15th IEEE Pacific Rim International Symposium on Dependable Computing, pp. 135–142. IEEE Computer Society, Shanghai, China (2009)
Shriraman, A., Dwarkadas, S.: Sentry: light-weight auxiliary memory access control. In: Proceedings of the 37th International Symposium on Computer Architecture (37th ISCA’10), pp. 407–418. ACM SIGARCH, Saint-Malo, France, June 2010
Shrobe, H., DeHon, A., Knight, T.: Trust-management, intrusion tolerance, accountability, and reconstitution architecture (TIARA). Technical report, AFRL Technical Report AFRL-RI-RS-TR-2009-271, December 2009
Song, J.: Development and evaluation of a security tagging scheme for a real-time zero operating system kernel. Master thesis, University of Idaho, May 2012
Song, J., Alves-Foss, J.: Security tagging for a zero-kernel operating system. In: Proceedings of the 46th Hawaii International Conference on System Sciences (HICSS), pp. 5049–5058, Wailea, HI, USA, January 2013
Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 85–96, Boston, MA, USA, November 2004
Witchel, E., Cates, J., Asanovic, K.: Mondrian memory protection. In: Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 304–316 (2002)
Yong, S.H., Horwitz, S.: Protecting C programs from attacks via invalid pointer dereferences. In: Proceedings of the 11th ACM SIGSOFT Symposium on Foundations of Software Engineering 2003 held jointly with 9th European Software Engineering Conference. ACM, pp. 307–316, Helsinki, Finland, September 2003
Zeldovich, N., Kannan, H., Dalton, M., Kozyrakis, C.: Hardware enforcement of application security policies using tagged memory. In: Draves, R., van Renesse, R. (eds.) Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation, pp. 225–240. USENIX Association, San Diego (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Song, J., Alves-Foss, J. (2016). Expanding RTEMS to a Multiuser System by Using Security Tags. In: Haltinner, K., Sarathchandra, D., Alves-Foss, J., Chang, K., Conte de Leon, D., Song, J. (eds) Cyber Security. CSS 2015. Communications in Computer and Information Science, vol 589. Springer, Cham. https://doi.org/10.1007/978-3-319-28313-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-28313-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28312-8
Online ISBN: 978-3-319-28313-5
eBook Packages: Computer ScienceComputer Science (R0)