SmartK:内核级操作系统中的智能卡

Information Security Technical Report Pub Date : 2013-02-01 DOI:10.1016/j.istr.2012.10.003

Luigi Catuogno, Roberto Gassirà, Michele Masullo, Ivan Visconti

{"title":"SmartK:内核级操作系统中的智能卡","authors":"Luigi Catuogno, Roberto Gassirà, Michele Masullo, Ivan Visconti","doi":"10.1016/j.istr.2012.10.003","DOIUrl":null,"url":null,"abstract":"<div><p>A smart card is a tamper-resistant miniature computer that performs some basic computations on input a secret information. So far, smart cards have been widely used for securing many digital transactions (e.g., pay television, ATM machines).</p><p>We focus on the implementation of operating system security services leveraging on smart cards. This very challenging feature allows one to personalize some functionalities of the operating system by simply changing a smart card. Current solutions for integrating smart card features in operating system services require at least a partial execution of some of the operating system functionalities at “user level”. Unfortunately, system functionalities built on top of components lying at both kernel and user levels may negatively affect the overall system security, due to the introduction of multiple points of failure.</p><p>In this work, we present the design and implementation of SmartK: a framework that integrates features of smart cards uniquely in the Linux kernel. In order to validate our approach, we propose a host of enhancements to the Linux operating system built on top of SmartK: 1) in-kernel clients' authentication with Kerberos; 2) execution of trusted code; 3) key management in secure network filesystems.</p><p>In particular, we present an experimental Linux OS distribution (SalSA), which addresses the security issues related to downloading packages and to updating an operating system through the Internet.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"17 3","pages":"Pages 93-104"},"PeriodicalIF":0.0000,"publicationDate":"2013-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2012.10.003","citationCount":"9","resultStr":"{\"title\":\"SmartK: Smart cards in operating systems at kernel level\",\"authors\":\"Luigi Catuogno, Roberto Gassirà, Michele Masullo, Ivan Visconti\",\"doi\":\"10.1016/j.istr.2012.10.003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>A smart card is a tamper-resistant miniature computer that performs some basic computations on input a secret information. So far, smart cards have been widely used for securing many digital transactions (e.g., pay television, ATM machines).</p><p>We focus on the implementation of operating system security services leveraging on smart cards. This very challenging feature allows one to personalize some functionalities of the operating system by simply changing a smart card. Current solutions for integrating smart card features in operating system services require at least a partial execution of some of the operating system functionalities at “user level”. Unfortunately, system functionalities built on top of components lying at both kernel and user levels may negatively affect the overall system security, due to the introduction of multiple points of failure.</p><p>In this work, we present the design and implementation of SmartK: a framework that integrates features of smart cards uniquely in the Linux kernel. In order to validate our approach, we propose a host of enhancements to the Linux operating system built on top of SmartK: 1) in-kernel clients' authentication with Kerberos; 2) execution of trusted code; 3) key management in secure network filesystems.</p><p>In particular, we present an experimental Linux OS distribution (SalSA), which addresses the security issues related to downloading packages and to updating an operating system through the Internet.</p></div>\",\"PeriodicalId\":100669,\"journal\":{\"name\":\"Information Security Technical Report\",\"volume\":\"17 3\",\"pages\":\"Pages 93-104\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1016/j.istr.2012.10.003\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Security Technical Report\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1363412712000441\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412712000441","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

智能卡是一种防篡改的微型计算机，它在输入秘密信息时执行一些基本计算。到目前为止，智能卡已广泛用于确保许多数字交易的安全(例如，付费电视、自动取款机)。我们专注于利用智能卡实现操作系统安全服务。这个非常具有挑战性的特性允许用户通过简单地更换智能卡来个性化操作系统的某些功能。在操作系统服务中集成智能卡功能的当前解决方案至少需要在“用户级”部分执行某些操作系统功能。不幸的是，构建在内核和用户级组件之上的系统功能，由于引入了多点故障，可能会对整个系统的安全性产生负面影响。在这项工作中，我们介绍了SmartK的设计和实现:一个在Linux内核中独特集成智能卡功能的框架。为了验证我们的方法，我们对构建在SmartK之上的Linux操作系统提出了一系列增强:1)内核内客户端使用Kerberos的身份验证;2)可信代码的执行;3)安全网络文件系统中的密钥管理。特别地，我们提出了一个实验性的Linux操作系统发行版(SalSA)，它解决了与下载软件包和通过互联网更新操作系统相关的安全问题。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SmartK: Smart cards in operating systems at kernel level

A smart card is a tamper-resistant miniature computer that performs some basic computations on input a secret information. So far, smart cards have been widely used for securing many digital transactions (e.g., pay television, ATM machines).

We focus on the implementation of operating system security services leveraging on smart cards. This very challenging feature allows one to personalize some functionalities of the operating system by simply changing a smart card. Current solutions for integrating smart card features in operating system services require at least a partial execution of some of the operating system functionalities at “user level”. Unfortunately, system functionalities built on top of components lying at both kernel and user levels may negatively affect the overall system security, due to the introduction of multiple points of failure.

In this work, we present the design and implementation of SmartK: a framework that integrates features of smart cards uniquely in the Linux kernel. In order to validate our approach, we propose a host of enhancements to the Linux operating system built on top of SmartK: 1) in-kernel clients' authentication with Kerberos; 2) execution of trusted code; 3) key management in secure network filesystems.

In particular, we present an experimental Linux OS distribution (SalSA), which addresses the security issues related to downloading packages and to updating an operating system through the Internet.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Security Technical Report

自引率

0.00%

发文量