{"updated":"2025-01-20T06:47:29.768272+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00095228","sets":["581:7002:7265"]},"path":["7265"],"owner":"11","recid":"95228","title":["An Extensible Secure OS Architecture for Embedded Systems"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-09-15"},"_buckets":{"deposit":"4ecafc24-0ab2-457c-9297-8b474863b72a"},"_deposit":{"id":"95228","pid":{"type":"depid","value":"95228","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"An Extensible Secure OS Architecture for Embedded Systems","author_link":["358647","358648","358649","358644","358650","358645","358643","358646"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"An Extensible Secure OS Architecture for Embedded Systems"},{"subitem_title":"An Extensible Secure OS Architecture for Embedded Systems","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：未来を切り開くコンピュータセキュリティ技術] secure architecture, embedded systems, multi-core","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2013-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"},{"subitem_text_value":"Department of Computer Science and Engineering, Waseda University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":11,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/95228/files/IPSJ-JNL5409019.pdf","label":"IPSJ-JNL5409019"},"date":[{"dateType":"Available","dateValue":"2015-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5409019.pdf","filesize":[{"value":"797.5 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"7e4d94d6-b9e2-40d7-8225-a6a347c1c3b0","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ning, Li"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuki, Kinebuchi"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiromasa, Shimada"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuo, Nakajima"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ning, Li","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuki, Kinebuchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Hiromasa, Shimada","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuo, Nakajima","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Some recent researches have shown that using a monitoring service outside the target system above hypervisors is an efficient way to protect the target system. The hypervisors isolate the monitoring service based on MMU-methods to improve security. However, The MMU-method may cause heavy overhead when there is no hardware support, which makes this method not viable for embedded processors that are rarely equipped with hardware virtualization extensions. In addition, the vulnerabilities that exist in hypervisors may compromise the isolation. In this paper, we propose a secure OS architecture that fits embedded systems without the dependency of a hypervisor. It provides a robust isolation between the monitoring service and the guest OS based on local memory, a hardware feature. In order to generalize this architecture, we adopt a secure pager to extend the local memory space (physically small) virtually by a swap mechanism with integrity checking of the monitoring service. The secure pager can also update the monitoring service to extend monitoring functions without disturbing the running of the guest OS. Comprehensive evaluations are made in our framework with one instance of embedded Linux as the guest OS and an isolated monitoring service running with the secure pager. The results demonstrate functions of the secure pager and influence of the secure pager on Linux in our system. On processors with a proper architecture, we can build an extensible secure OS architecture with reasonable resource consumption, without the issue of heavy overhead to the guest OS.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.650\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Some recent researches have shown that using a monitoring service outside the target system above hypervisors is an efficient way to protect the target system. The hypervisors isolate the monitoring service based on MMU-methods to improve security. However, The MMU-method may cause heavy overhead when there is no hardware support, which makes this method not viable for embedded processors that are rarely equipped with hardware virtualization extensions. In addition, the vulnerabilities that exist in hypervisors may compromise the isolation. In this paper, we propose a secure OS architecture that fits embedded systems without the dependency of a hypervisor. It provides a robust isolation between the monitoring service and the guest OS based on local memory, a hardware feature. In order to generalize this architecture, we adopt a secure pager to extend the local memory space (physically small) virtually by a swap mechanism with integrity checking of the monitoring service. The secure pager can also update the monitoring service to extend monitoring functions without disturbing the running of the guest OS. Comprehensive evaluations are made in our framework with one instance of embedded Linux as the guest OS and an isolated monitoring service running with the secure pager. The results demonstrate functions of the secure pager and influence of the secure pager on Linux in our system. On processors with a proper architecture, we can build an extensible secure OS architecture with reasonable resource consumption, without the issue of heavy overhead to the guest OS.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.650\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2013-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"54"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2025-01-18T23:42:22.533554+00:00","id":95228,"links":{}}