par Van Bulck, Jo;Noorman, Job;Mühlberg, Jan Tobias 
;Piessens, Frank
Référence Modularity '16: Companion volume of the 15th International Conference on Modularity(March 14 - 17, 2016: Málaga Spain), MODULARITY Companion 2016: Companion Proceedings of the 15th International Conference on Modularity, Association for Computing Machinery, New York NY United States, page (146 - 151)
Publication Publié, 2016
;Piessens, FrankRéférence Modularity '16: Companion volume of the 15th International Conference on Modularity(March 14 - 17, 2016: Málaga Spain), MODULARITY Companion 2016: Companion Proceedings of the 15th International Conference on Modularity, Association for Computing Machinery, New York NY United States, page (146 - 151)
Publication Publié, 2016
Publication dans des actes
| Résumé : | Protected Module Architectures are a new brand of security architectures whose main objective is to support the secure isolated execution of software modules with a minimal Trusted Computing Base (TCB) -- several prototypes for embedded systems (and also the Intel Software Guard eXtensions for higher-end systems) ensure isolation with a hardware-only TCB. However, while these architectures offer strong confidentiality and integrity guarantees for software modules, they offer no availability (let alone real-time) guarantees. This paper reports on our work-in-progress towards extending a protected module architecture for small microprocessors with availability and real-time guarantees. Our objective is to maintain the existing security guarantees with a hardware-only TCB, but to also guarantee availability (and even real-time properties) if one can also trust the scheduler. The scheduler, as any software on the platform, remains untrusted for confidentiality and integrity -- but it is sufficient to trust the scheduler module to get availability guarantees even on a partially compromised platform. |
