Betriebssysteme · Institut für Systemarchitektur · Fakultät Informatik · TU Dresden



10. 12. 2010

Provable Protection of Confidential Data in Microkernel-Based Systems


Marcus Völp

TU Dresden


Today's mobile, desktop, and server systems process increasing amounts of high-value personal, commercial or industrial data. Yet, despite over 30 years of academic and industrial efforts, the provable protection of confidential data against leakage over covert channels is still an issue. This dissertation's thesis is to combine the complementary strengths of microkernel-based systems and security-type-system-based static analyses to provably protect confidential data in open microkernel-based systems. The two central contributions of this thesis are a non-interference-secure budget-enforcing fixed-priority scheduler that prevents leakage over scheduling-related timing channels while it preserves the real-time properties of the threads it schedules; and a sound security-type-system-based static analysis to prove the absence of security-policy-violating information flows in the low-level operating-system code of microkernel-based systems.
Julian Stecklina, http://os.inf.tu-dresden.de/~jsteckli/
7. May 2012