Registration

Register
Login

Content

Call For Papers
Schedule
Presentations
Tutorials
BOFS

Event Info

Venue
Travel
FAQ
Link Us

Additional Info

Sponsors
Special Events Contact Us
Media
Archives
Home



Trusted Secure Embedded Linux: From Hardware Root of Trust to Mandatory Access Control

Hadi Nahari (hadi_nahari@hotmail.com)

With the ever-increasing presence of Linux implementations in embedded devices (mobile handsets, set-top boxes, headless computing devices, medical equipments, etc.) there is a strong demand for defining the security requirements and augmenting, enhancing and hardening the operating environment. Currently an estimated 70 percent of new semiconductor devices are Linux enabled; such a high growth is accompanied by inevitable security risks, hence the requirement for hardware-based trusted and secure computing environment, enhanced with MAC (Mandatory Access Control) mechanisms for such devices in order to provide appropriate levels of protection. Due to stringent security requirements for resource-constrained embedded devices, establishing trust-chain on hardware root of trust, and deploying MAC mechanisms to balance performance and control are particularly challenging tasks.

This paper presents the status of MontaVista Software efforts to implement such solution based on ARM cores that provide separated executing environment, as well as SELinux for providing MAC on an embedded device. The focus will be on practical aspects of hardware integration as well as porting SELinux to resource-constrained devices.