Practical Principle of Least Privilege for Secure Embedded Systems

Title: Practical Principle of Least Privilege for Secure Embedded Systems
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Jero, Samuel; Furgala, Juliana; Pan, Runyu; Gadepalli, Phani Kishore; Clifford, Alexandra; Ye, Bite; Khazan, Roger; Ward, Bryan C.; Parmer, Gabriel; Skowyra, Richard
Conference Name: 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS)
Date Published: May
Keywords: Communication channels, composability, control systems, Embedded systems, Linux, Metrics, pubcrawl, Real-time Systems, resilience, Resiliency, security, Synchronization, Trustworthy Systems
Abstract

Many embedded systems have evolved from simple bare-metal control systems to highly complex network-connected systems. These systems increasingly demand rich, feature-full operating-system (OS) functionality. Furthermore, network connectedness offers attack vectors that require stronger security designs. To that end, this paper defines a prototypical RTOS API called Patina that provides services common in feature-rich OSes (e.g., Linux) but absent in more trustworthy μ-kernel-based systems. Examples of such services include communication channels, timers, event management, and synchronization. Two Patina implementations are presented, one on Composite and the other on seL4, each of which is designed based on the Principle of Least Privilege (PoLP) to increase system security. This paper describes how each of these μ-kernels affects the PoLP-based design, and discusses the security and performance tradeoffs of the two implementations. Results of comprehensive evaluations demonstrate that the PoLP-based implementation of Patina offers comparable or superior performance to Linux, while providing heightened isolation.

DOI: 10.1109/RTAS52030.2021.00009
Citation Key: jero_practical_2021