Title :
Virtual Security Kernel: A Component-Based OS Architecture for Self-Protection
Author :
He, Ruan ; Lacoste, Marc ; Leneutre, Jean
fDate :
June 29 2010-July 1 2010
Abstract :
This paper presents VSK, a lightweight adaptable OS authorization architecture suitable for self-protection of pervasive devices. A virtual management plane, separate from execution resources, is defined for full run-time control by applications of their execution environment. This plane also performs non-invasive and yet effective authorization thanks to optimized access request checking. The VSK component-based architecture provides flexibility both in the execution plane (for resource customization) and in the management plane (for run-time reconfiguration of authorization policies). Policy neutrality is achieved by adopting the attribute-based paradigm for access control enforcement. Evaluation results show that despite such flexibility, the overhead of this kernel architecture remains low.
Keywords :
authorisation; object-oriented programming; operating system kernels; resource allocation; software architecture; ubiquitous computing; access control enforcement; access request checking; authorization policy; component-based OS architecture; full run-time control; kernel architecture; pervasive devices; policy neutrality; resource customization; run-time reconfiguration; self-protection; virtual management plane; virtual security kernel; Aerospace electronics; Authorization; Computational modeling; Computer architecture; Kernel; OS security; authorization; autonomic computing; component-based systems; kernel architecture; self-protection;
Conference_Titel :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.160
