33 research outputs found

    Component isolation in the Think architecture.

    We present in this paper the security features of Think, an object-oriented architecture dedicated to building customized operating system kernels. The Think architecture is composed of an object-oriented software framework including a trader, and a library of system abstractions programmed as components. We show how to use this architecture to build secure and efficient kernels. Policy-neutral security is achieved by providing elementary tools that can be used by the system programmer to build a system resistant to security hazards, and a security manager that uses these tools to enforce a given security policy. An example of such a secure system is given by detailing how to ensure component isolation with an elementary software-based memory isolation tool.

    Protection in Flexible Operating System Architectures

    This paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the Think architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These tools are implemented in a policy-neutral way so as to guarantee their flexibility. Finally, we validate our results by evaluating the flexibility of the protection provided on selected examples of dynamic modification of the protection policy.

    Protection in the Think exokernel

    In this paper, we present our preliminary ideas concerning the adaptation of security and protection techniques in the Think exokernel. Think is our proposition of a distributed adaptable kernel, designed according to the exokernel architecture. After summing up the main motivations for using the exokernel architecture, we describe the Think exokernel as it has been implemented on a PowerPC machine. We then present the major protection and security techniques that we plan to adapt to the Think environment, and give an example of how some of these techniques can be combined with the Think model to provide fair and protected resource management. Finally, we briefly present the iPAQ Pocket PC to which we plan to port the Think exokernel and explain our interest in this kind of mobile device.

    Building secure embedded kernels with the Think architecture.

    We present in this paper the security features of Think, an object-oriented architecture dedicated to building customized operating system kernels. The Think architecture is composed of an object-oriented software framework including a trader, and a library of system abstractions programmed as components. We show how to use this architecture to build secure and efficient kernels for embedded systems. Policy-neutral security is achieved by providing elementary tools that can be used by the system programmer to build a system resistant to denial of service attacks and incorporating data access control. An example of such a secure system is given by detailing how to ensure component isolation with an elementary software-based memory isolation tool.

    Trusted Collaborative Real Time Scheduling in a Smart Card Exokernel

    This paper presents the work we have conducted concerning real time scheduling in Camille, an exokernel dedicated to smart cards. We show that it is possible to embed a flexible real-time operating system despite the important hardware limitations of the smart card platform. We present the major difficulties one has to face when integrating real time support in an exokernel embedded on a very resource-limited platform. We first present a naive solution consisting of allocating an equal time slice to every system extension and letting each one share it as needed amongst its tasks. We show that this solution does not account for the loading of new extensions into the system, and that it can fail if some extensions have much more work to carry out than the others. We then present a more complex solution based upon collaborative schedulers grouped as virtual extensions. We show that this solution supports dynamic loading of new extensions and works even for very unbalanced task repartitions. We finally address the issue of trust between the collaborating extensions and propose a solution based on exhaustive testing and formal proof of the plan functions.

    On-The-Fly Metadata Stripping For Embedded Java Operating Systems

    Considering the typical amount of memory available on a smart card, it is essential to minimize the size of the runtime environment to leave as much memory as possible to applications. This paper shows that on-the-fly constant pool packing can result in a significant reduction of the memory footprint of an embedded Java runtime environment. We first present Jits, an architecture dedicated to building fully-customized Java runtime environments for smart cards. We then detail the optimizations we have implemented in the class loading mechanism of Jits to reduce the size of the loaded class constant pool. By suppressing constant pool entries as they become unnecessary during the class loading process, we manage to compact constant pools of loaded classes to less than 8% of their initial size. We then present the results of our mechanism in terms of constant pool and class size reductions, and conclude by suggesting some more aggressive optimizations.

    A Low-Footprint Class Loading Mechanism for Embedded Java Virtual Machines

    This paper shows that it is possible to dramatically reduce the memory consumption of classes loaded in an embedded Java virtual machine without reducing its functionalities. We describe how to pack the constant pool by deleting entries which are only used during the class loading process. We present some benchmarks which demonstrate the efficiency of this mechanism. We finally suggest some additional optimizations which can be applied if some restrictions to the functionalities of the virtual machine can be tolerated.
    Efficient Region-Based Memory Management for Resource-limited Real-Time Embedded Systems.

    This paper presents a simple and efficient static analysis algorithm, combined with a region allocation policy for real-time embedded Java applications. The goal of this work is to provide a static analysis mechanism efficient enough to be integrated in an assisted-development environment, and to implement region-based memory management primitives suited for resource-limited platforms such as smart cards.

    A Methodology and Supporting Tools for the Development of Component-Based Embedded Systems.

    The paper presents a methodology and supporting tools for developing component-based embedded systems running on resource-limited hardware platforms. The methodology combines two complementary component frameworks in an integrated tool chain: BIP and Think. BIP is a framework for model-based development including a language for the description of heterogeneous systems, as well as associated simulation and verification tools. Think is a software component framework for the generation of small-footprint embedded systems. The tool chain allows generation, from system models described in BIP, of a set of functionally equivalent Think components. From these and libraries including OS services for a given hardware platform, a minimal system can be generated. We illustrate the results by modeling and implementing a software MPEG encoder on an iPod.