The Design of a COTS Real-Time Distributed Security Kernel

Miguel Correia, Paulo Veríssimo, Nuno Ferreira Neves

Proc. of the Fourth European Dependable Computing Conference, Toulouse, France, October 2002

Keywords: Secure Systems, Fault-Tolerant Systems and Components, Architectures for Dependable Systems, Distributed Fault-Tolerance, Byzantine Faults, Security Kernel, Real-Time, COTS


This paper describes the design of a security kernel called TTCB, which has innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components.

We discuss essentially three things in this paper: (1) The TTCB is a simple component providing a small set of basic secure services.  It aims at building a new style of protocols to achieve intrusion tolerance, which for the most part execute in insecure, arbitrary failure environments, and resort to the TTCB only in crucial parts of their operation. (2) Besides, the TTCB is a synchronous device supplying functions that may be an enabler of a new generation of timed secure protocols, until now known to be fragile due to attacks on timing assumptions.  (3) Finally, we present a design methodology that establishes our hybrid failure assumptions in a well-founded manner. It helps us to achieve a robust design, despite using exclusively COTS components, with the advantage of allowing the security kernel to be easily deployed on widely used platforms.


    author  = "M. Correia and P. Ver\'{\i}ssimo and N. F. Neves",
    title       = "The Design of a {COTS} Real-Time Distributed Security Kernel",
    booktitle = "Proc. of the Fourth European Dependable Computing Conference",
    address = "Toulouse, France",
    month       = oct,
    year    = 2002

Extended report

Download the pdf or the postscript .