Trusted Secure Embedded Linux: From Hardware Root of Trust to Mandatory Access Control
Hadi Nahari (email@example.com)
With the ever-increasing presence of Linux implementations in embedded devices (mobile handsets, set-top boxes, headless computing devices, medical equipment, etc.), there is a strong demand for defining the security requirements and for augmenting, enhancing and hardening the operating environment. Currently an estimated 70 percent of new semiconductor devices are Linux-enabled; such high growth is accompanied by inevitable security risks, hence the requirement for a hardware-based trusted and secure computing environment, enhanced with MAC (Mandatory Access Control) mechanisms, to provide appropriate levels of protection for such devices. Due to the stringent security requirements for resource-constrained embedded devices, establishing a trust chain on a hardware root of trust and deploying MAC mechanisms that balance performance and control are particularly challenging tasks.
This paper presents the status of MontaVista Software's efforts to implement such a solution, based on ARM cores that provide a separated execution environment and on SELinux for providing MAC on an embedded device. The focus is on the practical aspects of hardware integration and of porting SELinux to resource-constrained devices.