Authors: Everton de Matos; George Lawton; Conor Lennon
Journal: IEEE Open Journal of the Computer Society, vol. 6, pp. 1329-1340
Publication date: 2025-07-24
Publication type: Journal Article
DOI: 10.1109/OJCS.2025.3592377
URL: https://ieeexplore.ieee.org/document/11095653/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11095653
Towards seL4 for Enhanced System Isolation and Security on Embedded Devices
Embedded systems increasingly face security threats due to limited isolation and hardware constraints, creating a demand for robust solutions. The seL4 microkernel, recognized for its minimal footprint and strong security guarantees, is particularly promising for embedded applications requiring secure isolation. This article explores seL4’s capabilities, specifically focusing on its use as a hypervisor on ARM platforms and as a Trusted Execution Environment (TEE) on RISC-V hardware. We describe our implementation of these approaches, highlighting key challenges and presenting methods to simplify their development and deployment. Performance evaluations indicate that seL4 effectively delivers strong isolation with minimal impact on resource usage and overall system performance. In particular, our results demonstrate low overheads for CPU utilization, memory consumption, and network throughput, even under intensive workloads. Finally, the article discusses challenges and recommendations towards the adoption of seL4-based solutions, providing a valuable reference for researchers and practitioners working towards enhancing security in embedded and Internet of Things systems.