ALMOS Many-Core Operating System Extension with New Secure-Enable Mechanisms for Dynamic Creation of Secure Zones

Abstract

Many-core architectures are becoming a major execution platform in order to face the increasing number of applications to be executed in parallel. Such an approach is very attractive in order to offer users with high performance. However it introduces some key challenges in terms of security as some malicious applications may compromise the whole system. A defense-in-depth approach relying on hardware and software mechanisms is thus mandatory to increase the level of protection. This work focuses on the Operating System (OS) level and proposes a set of operating system services able to dynamically create physical isolated secure zones for sensitive applications in many-core platforms. These services are integrated into the ALMOS OS deployed in the TSAR many-core architecture, and evaluated in terms of security level and induced performance overhead.