Minsk: A Minuscule Security Kernel

Positioned between a conventional operating system and the hardware, Minsk provides a safe and easy-to-secure trust base for many security solutions. Minsk’s primary function is to implement the SP3 protection system, so that we can have a stand-alone version of SP3 protection without having to deal with the extra features and specifics of hypervisors.

Motivation

The Minsk project is directly motivated by the SP3 project. In that project, we modified a full-fledged hypervisor, namely Xen, to realize the SP3 protection model. Although there is no limiting factor in using a full-fledged hypervisor, its ‘extra’ features, such as running multiple operating systems, really are not needed for our purpose. We used Xen only because it provides a safe perimeter and efficient emulation of modified MMU and interrupt semantics. In fact, if users don’t want to run multiple virtual machines, these extra features would potentially impair security, since they add to the trusted computing base (TCB) for the SP3 protection. Hence, our first motivation is equivalent to saying that we want to reduce the size and complexity of the TCB for the SP3 implementation.

Another motivation is to have a stand-alone, light-weight platform that can be used for hosting security solutions other than our SP3 application protection system. Fortunately, developing such a security platform is facilitated by recent industry support for trusted computing and virtualization.

Goals

As the name of the project implies, our primary objective is to develop a system software layer that is light-weight and secure. The system should be made as small as possible so that the TCB is minimized, but not so small that it lacks the mechanisms needed to protect the perimeter. Another goal is to make sure the entire system has been bootstrapped securely. Using recent techniques for secure hardware, we want to present the next layer of system software (e.g., the OS) with a clean, untampered initial state of the system.

Project management

Currently, there is no independent meeting for the Minsk project. Instead, progress is reported at the weekly systems group meeting. Sometimes, people in RTCL discuss implementation details at the weekly Xen study group.

People

  • Jisoo Yang, PhD student

Reports

(Early position paper in the context of embedded system security)

  • Jisoo Yang and Kang G. Shin. On Software Protection in Embedded Systems. ARO Workshop on Embedded Systems and Network Security. Feb, 2007.

Project sponsors

  • Air Force Office of Scientific Research (AFOSR)