TY - GEN
T1 - FIDES
T2 - 3rd IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and Systems Synthesis CODES+ISSS 2005
AU - Inoue, Hiroaki
AU - Ikeno, Akihisa
AU - Kondo, Masaki
AU - Sakai, Junji
AU - Edahiro, Masato
PY - 2005
Y1 - 2005
N2 - We propose a secure platform on a chip multiprocessor, known as FIDES, in order to enable next generation mobile terminals to execute downloaded native applications for Linux. Its most important feature is the higher security based on multi-grained separation mechanisms: coarse-grained processor-level separation of the basic-function domain from other domains for such downloaded applications, medium-grained OS-level separation, and fine-grained process-level separation within SELinux. Four new technologies, which include three enhancements to SELinux, support the FIDES platform: 1) bus filter logic for processor-level separation can be implemented as a small logic, 2) XIP kernels for memory-efficient OS-level separation can reduce memory requirements by 182%, 3) policy separation for enhanced process-level separation can apply policies 2.1 times faster at system bootup, and 4) dynamic access control can provide secure Inter-Domain Communications (IDCs) with an overhead of only 4% for IDC system calls. We implemented SELinuxes on an ARM-based multiprocessor. Therefore, the best-suited platform to secure next generation mobile terminals is the FIDES platform, which can provide higher security as well as higher performance and lower power consumption on chip multiprocessors leading the current technology trend of microprocessors.
KW - Chip Multiprocessor
KW - Linux
KW - Secure Mobile Terminal
UR - http://www.scopus.com/inward/record.url?scp=27644551800&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=27644551800&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:27644551800
SN - 1595931619
T3 - CODES+ISSS 2005 - International Conference on Hardware/Software Codesign and System Synthesis
SP - 178
EP - 183
BT - CODES+ISSS 2005 - International Conference on Hardware/Software Codesign and Systems Synthesis
Y2 - 18 September 2005 through 21 September 2005
ER -