Leandro Fiorin, A. Ferrante, Konstantinos Padarnitsas, S. Carucci
{"title":"嵌入式系统中硬件辅助安全性增强的Linux:一个建议","authors":"Leandro Fiorin, A. Ferrante, Konstantinos Padarnitsas, S. Carucci","doi":"10.1145/1873548.1873551","DOIUrl":null,"url":null,"abstract":"As computing and communications increasingly pervade our lives, security and protection of sensitive data and systems are emerging as extremely important issues. This is especially true for embedded systems, often operating in non-secure environments, and with limited amount of computational, storage, and communication resources available. In servers and desktop systems, Security Enhanced Linux (SELinux) is currently used as a method to enhance security by enforcing a security control based on policies that confine user programs, or processes, to the minimum amount of privileges that they require for their execution. While providing a powerful mean for enhancing security in UNIX-like systems, SELinux still remains a feature that is too heavy to be fully supported by constrained devices. In this paper, we propose a hardware architecture for enhancing security and accelerating retrieval and applications of SELinux policies in embedded processors. We describe the general ideas behind our work, discussing motivations, advantages, and limits of the solution proposed, while suggesting the main steps needed to implement the described architecture on common embedded processors.","PeriodicalId":114446,"journal":{"name":"WESS '10","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-10-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Hardware-assisted security enhanced Linux in embedded systems: a proposal\",\"authors\":\"Leandro Fiorin, A. Ferrante, Konstantinos Padarnitsas, S. Carucci\",\"doi\":\"10.1145/1873548.1873551\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As computing and communications increasingly pervade our lives, security and protection of sensitive data and systems are emerging as extremely important issues. This is especially true for embedded systems, often operating in non-secure environments, and with limited amount of computational, storage, and communication resources available. In servers and desktop systems, Security Enhanced Linux (SELinux) is currently used as a method to enhance security by enforcing a security control based on policies that confine user programs, or processes, to the minimum amount of privileges that they require for their execution. While providing a powerful mean for enhancing security in UNIX-like systems, SELinux still remains a feature that is too heavy to be fully supported by constrained devices. In this paper, we propose a hardware architecture for enhancing security and accelerating retrieval and applications of SELinux policies in embedded processors. We describe the general ideas behind our work, discussing motivations, advantages, and limits of the solution proposed, while suggesting the main steps needed to implement the described architecture on common embedded processors.\",\"PeriodicalId\":114446,\"journal\":{\"name\":\"WESS '10\",\"volume\":\"36 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-10-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"WESS '10\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1873548.1873551\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"WESS '10","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1873548.1873551","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Hardware-assisted security enhanced Linux in embedded systems: a proposal
As computing and communications increasingly pervade our lives, security and protection of sensitive data and systems are emerging as extremely important issues. This is especially true for embedded systems, often operating in non-secure environments, and with limited amount of computational, storage, and communication resources available. In servers and desktop systems, Security Enhanced Linux (SELinux) is currently used as a method to enhance security by enforcing a security control based on policies that confine user programs, or processes, to the minimum amount of privileges that they require for their execution. While providing a powerful mean for enhancing security in UNIX-like systems, SELinux still remains a feature that is too heavy to be fully supported by constrained devices. In this paper, we propose a hardware architecture for enhancing security and accelerating retrieval and applications of SELinux policies in embedded processors. We describe the general ideas behind our work, discussing motivations, advantages, and limits of the solution proposed, while suggesting the main steps needed to implement the described architecture on common embedded processors.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
