707 research outputs found
Microkernel security evaluation.
This thesis documents the successful development and testing of a more secure industrial control system field device architecture and software. The implementation of a secure field device has had limitations in the past due to a lack of secure operating system and guidelines. With the recent verification of OK Labs SEL4 microkernel, a verified operating system for such devices is possible, creating a possibility for a secure field device following open standards using known security protocols and low level memory and functionary isolation. The virtualized prototype makes use of common hardware and an existing secure field device architecture to implement a new level of security where the device is verified to function as expected. The experimental evaluation provides performance data which indicates the usefulness of the architecture in the field and security function integration testing to guarantee secure programs can be implemented on the device. Results of the devices functionality are hopeful, showing useful performance for many applications and further development as a fully functional secure field device
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Towards a formally designed and verified embedded operating system: case study using the B method
The dramatic growth in practical applications for iris biometrics has been accompanied
by relevant developments in the underlying algorithms and techniques. Along
with the research focused on near-infrared images captured with subject cooperation,
e orts are being made to minimize the trade-o between the quality of the captured
data and the recognition accuracy on less constrained environments, where images are
obtained at the visible wavelength, at increased distances, over simpli ed acquisition
protocols and adverse lightning conditions. At a rst stage, interpolation e ects on
normalization process are addressed, pointing the outcomes in the overall recognition
error rates. Secondly, a couple of post-processing steps to the Daugman's approach
are performed, attempting to increase its performance in the particular unconstrained
environments this thesis assumes. Analysis on both frequency and spatial domains
and nally pattern recognition methods are applied in such e orts. This thesis embodies
the study on how subject recognition can be achieved, without his cooperation,
making use of iris data captured at-a-distance, on-the-move and at visible wavelength
conditions. Widely used methods designed for constrained scenarios are analyzed
- …