Virtual Security Kernel: A Component-Based OS Architecture for Self-Protection

Author

He, Ruan ; Lacoste, Marc ; Leneutre, Jean

fYear

2010

fDate

June 29 2010-July 1 2010

Firstpage

851

Lastpage

858

Abstract

This paper presents VSK, a lightweight adaptable OS authorization architecture suitable for self-protection of pervasive devices. A virtual management plane, separate from execution resources, is defined for full run-time control by applications of their execution environment. This plane also performs non-invasive and yet effective authorization thanks to optimized access request checking. The VSK component-based architecture provides flexibility both in the execution plane (for resource customization) and in the management plane (for run-time reconfiguration of authorization policies). Policy neutrality is achieved by adopting the attribute-based paradigm for access control enforcement. Evaluation results show that despite such flexibility, the overhead of this kernel architecture remains low.

Keywords

authorisation; object-oriented programming; operating system kernels; resource allocation; software architecture; ubiquitous computing; access control enforcement; access request checking; authorization policy; component-based OS architecture; full run-time control; kernel architecture; pervasive devices; policy neutrality; resource customization; run-time reconfiguration; self-protection; virtual management plane; virtual security kernel; Aerospace electronics; Authorization; Computational modeling; Computer architecture; Kernel; OS security; authorization; autonomic computing; component-based systems; kernel architecture; self-protection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Conference_Location

Bradford

Print_ISBN

978-1-4244-7547-6

Type

conf

DOI

10.1109/CIT.2010.160

Filename

5578046