Information Flow Secure CAmkES
Journal
International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings
Date Issued
2021-01-01
Author(s)
Goyal, Amit
Garg, Akshat
Gour, Digvijaysingh
Shyamasundar, R. K.
Sivakumar, G.
Abstract
Component Architecture for microkernel-based Embedded Systems (CAmkES) is a framework used to build embedded systems software on top of seL4. seL4, a general-purpose microkernel, uses the underlying Discretionary Access Control (DAC) capability model to ensure the confidentiality and integrity of the systems built on it. These systems are not information flow secure, because the DAC model considers only direct read/write accesses and does not consider indirect accesses. In an indirect access, an unauthorized subject gains access to an object through another subject that has direct access to that object. In this paper, we model and implement information flow secure CAmkES (IFS-CAmkES), which ensures complete mediation by an RWFM monitor based on the Readers Writers Flow Model (RWFM), a Mandatory Access Control (MAC) model. IFS-CAmkES can be considered as CAmkES enriched with MAC-based security. Prototypes of some real-life examples have been implemented on IFS-CAmkES. We also compare the performance of CAmkES- and IFS-CAmkES-based systems.