r6 - 18 Mar 2008 - 00:57:25 - Main.jisooyYou are here: TWiki > 
Main Web > RtclProjects > ProjectMinsk
Main Web > RtclProjects > ProjectMinskMinsk: A Minuscule Security Kernel
Positioned between conventional operating system and hardware, Minsk provides a safe and easy-to-secure trust base for many security solutions. Minsk's primary function is to implement the SP3 protection system so that we can have a stand-alone version of SP3 protection without having to deal with the extra features and specifics of hypervisors. Click here for more information on SP3 project.Project description
Motivation
Minsk project is directly motivated by the SP3 project. In that project, we modified a full-fledged hypervisor, namely Xen, to realize the SP3 protection model. Although there is no limiting factor in using a full-fledged hypervisor, its 'extra' features such as running multiple operating systems really are not needed for our purpose. We only used Xen since it provides a safe perimeter and efficient emulation of modified MMU and interrupt semantics. In fact, if users don't want to run multiple virtual machines, these extra features would potentially impair security since they add to the trusted computing base (TCB) for the SP3 protection. Hence, our first motivation is equivalent to saying that we want to reduce the size and complexity of the TCB for SP3 implementation. Another motivation is to have a stand-alone, light-weight platform, which can be used for hosting security solutions other than our SP3 application protection system. Fortunately, developing such a security platform is facilitated by recent industry supports for trusted computing and virtualization.Goals
As the name of the project implies, our primary objective is to develop a system software layer that is light-weight and secure. The system should be made as small as possible so that the TCB is minimized, but not too small so that the system has enough mechanisms for protecting the perimeter. Another goal is to make sure the entire system has been bootstrapped securely. Using recent techniques for secure hardware, we want to present the next layer of system software (e.g., OS) a clean, untampered initial state of the system.Project management
Currently, there is no independent meeting for Minsk project. Instead, a progress is reported at the weekly systems group meeting. Sometimes, people in RTCL discuss implementation details at the weekly Xen study group.People
- Jisoo Yang, PhD student
Reports
(Early position paper in the context of embedded system security)- Jisoo Yang and Kang G. Shin. On Software Protection in Embedded Systems. ARO Workshop on Embedded Systems and Network Security. Feb, 2007.
PDF
Related projects
- Software-Privacy Preserving Platform
- JTL Template Library: a type-safe and efficient library for systems software development
Project sponsors
- Airforce Office of Scientific Research (AFOSR)
Home
Create New Topic
Index
Search
Changes
Notifications
Statistics
Preferences
TWiki Tip of the Day
File attachments
One can attach files to any topic. The action of attaching a file to a topic is similar to attaching ... Read on
One can attach files to any topic. The action of attaching a file to a topic is similar to attaching ... Read on
Main |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback