M. Correia, P. VerĂssimo, and N. F. Neves
Technical report, Department of Computer Science, University of Lisbon, 2001.
This paper describes the design of a security kernel called TTCB, which has innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components. We discuss essentially three things in this paper: (1) The TTCB is a simple component providing a small set of basic secure services. It aims at building a new style of protocols to achieve intrusion tolerance, which for the most part execute in insecure, arbitrary failure environments, and resort to the TTCB only in crucial parts of their operation. (2) Besides, the TTCB is a synchronous device supplying functions that may be an enabler of a new generation of timed secure protocols, until now known to be fragile due to attacks on timing assumptions. (3) Finally, we present a design methodology that establishes our hybrid failure assumptions in a well-founded manner. It helps us to achieve a robust design, despite using exclusively COTS components, with the advantage of allowing the security kernel to be easily deployed on widely used platforms.
@TechReport{di-fcul-tr-01-12,
author = "Miguel Correia and
Paulo Ver\'{\i}ssimo and Nuno Ferreira Neves",
title = "The Design of a
COTS Real-Time Distributed Security Kernel (Extended Version)",
institution = "Department of Computer Science, University of
Lisbon",
year = 2001,
type = "DI/FCUL
TR",
number = "01--12",
month = dec,
url = "http://www.di.fc.ul.pt/tech-reports/01-12.pdf"
}
Get extended
report (pdf).