LinuxConf Europe 2007

Photos and reports

Timetable

Programme

Registration

LPI Exams

Conference Dinner (Sunday)

Duxford Excursion (Monday)

Exhibitors and Sponsors

Accommodation

Venue

Travel

About Cambridge

Kernel Summit 2007

Other GUUG events

Other UKUUG events

Hadi Nahari - MontaVista Software, Inc.

Trusted Secure Embedded Linux

With the ever-increasing presence of Linux implementations in embedded devices (mobile handsets, set-top boxes, headless computing devices, medical equipments, etc.) there is a strong demand for defining the security requirements, augmenting, enhancing, and hardening the operating environment. Currently an estimated 70\% of new semiconductor devices are Linux-enabled; such a high growth is accompanied by inevitable security risks, hence the requirement for hardware-based trusted and secure computing environment, enhanced with MAC (Mandatory Access Control) mechanisms for such devices in order to provide appropriate levels of protection. Due to stringent security requirements for resource-constrained embedded devices, establishing the trust-chain on hardware root of trust, and deploying MAC mechanisms to balance performance and control are particularly challenging tasks.

This paper presents the status of MontaVista Software efforts to implement such solution based on ARM cores that provide isolation for the computing environments, as well as SELinux (Security Enhanced Linux) to provide MAC for embedded devices. We will focus on practical aspects of hardware integration as well as porting SELinux to resource-constrained devices.

Submitted paper

and Paper (ZIP) .