By Topic

Less is More -- A Secure Microkernel-Based Operating System

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Lackorzynski, A. ; Oper. Syst. Group, Tech. Univ., Dresden, Germany ; Warg, A.

Micro kernel-based systems have gone through a steady development and current implementations have reached a new level of functionality. While the first systems started with the fundamental idea, latest systems offer a wide range of features. Experience showed that the most important feature, a secure system architecture, cannot be retrofitted into the system at a later stage but must be the core of it. A recent redesign of the architecture introduced capability-based access control on objects as the core mechanism upon which any functionality is built. Features of current systems include support for multi-cores, portability across different architectures, real-time execution and virtualization. Micro kernels are built with the goal of being sufficiently generic to host multiple subsystems with differing isolation and security requirements. Although putting functionality into many different components sounds appealing, it is a severe burden on the implementation side. It must be possible to reuse existing software, and with the help of virtualization techniques it is possible to find a better split of components. This way systems with a small trusted computing base can be built without reimple menting existing functionality. One of the open questions is how such a split must be designed and can be implemented and offered in a generic way, given all the options current modern systems offer. In this paper we report on the current state of the operating system developed at TU Dresden, focusing on its security mechanisms, and possible future direction that we envision with the ongoing changes in the hardware and software world.

Published in:

SysSec Workshop (SysSec), 2011 First

Date of Conference:

6-6 July 2011