Professional Documents
Culture Documents
Hardware-Assisted Security Enhanced Linux in Embedded Systems: A Proposal
Hardware-Assisted Security Enhanced Linux in Embedded Systems: A Proposal
Hardware-Assisted Security Enhanced Linux in Embedded Systems: A Proposal
to the corresponding access vector. It also provides function- devices. The tuning consists of two parts, i.e., the reduction
ality for loading and changing policies at boot and run-time. of the policy size by utilizing a specific policy writing tool [4],
In SELinux, the policy database is implemented as a com- and the tuning of kernel and userland by removing unneeded
mon single linked list hash-table (the Access Vector Table functions and redundant permission checks from the kernel,
avtab) [1], which is composed of a pointer to the head nodes, by reducing file size by removing features unnecessary for
the number of slots, and a mask for the hash function com- embedded devices, and by reducing memory usage by re-
putation. The key used for retrieving the permission is the moving unnecessary data structures from the kernel. On the
hash of the concatenation of the subject identifier (SSID), porting of SELinux on embedded devices, [14] describes the
the target identifier (TSID), and the object class (OBJC). integration of Security-Enhanced Linux LSM with Android-
An access vector stores the permission for that specific key. powered mobile devices, evaluating its ability to improve
Android’s security. Also in this case, notable slowdowns
2.3 Access Vector Cache in operations requiring additional permission checks was re-
The AVC caches decisions made by the security server for ported.
subsequent access checks and thus provides significant per-
formance improvements. Whenever a resource is requested, In this work, we propose for the first time the use of hard-
the AVC is first searched for a decision previously taken. In ware accelerators for enhancing performance of executing
case of a miss, the query is forwarded to the policy database SELinux operations on embedded devices. Our solution is
into the security server, and the decision of the security complementary to previous work on portig SELinux on such
server is finally stored in the AVC for future occurrences. type of systems, and it can be applied together with the pre-
The information stored in the AVC is replaced following a vious techniques described for limiting the overhead due to
LRU policy, therefore exploiting access temporal locality. Its the mandatory policy based access control mechanism. In
size is small to improve the search procedure performance particular, we propose to trade off on-chip area and some
and ease memory requirements. The AVC also provides the flexibility for performance (and reduced power consump-
SELinux interfaces for the Linux security modules (LSM) tion), a simpler memory management for the policies, and
hooks and with the kernel object managers. Similarly to an increased security. Our work can be considered com-
the policy database, in SELinux the AVC is implemented as plementary also to [13], where an mandatory access control
a common single linked list hash-table, and the key used for mechanism alternative to SELinux, and designed for mobile
retrieving the permission is the hash of the concatenation of devices, is proposed and evaluated.
the SSID, the TSID, and the OBJC.
Regarding the use of hardware accelerators for Operating
Systems (OSs), some previous work can be found in the lit-
3. MOTIVATIONS AND RELATED WORK terature. In [6], tasks management in MPSOCs is supported
SELinux is a powerful tool to overcome intrinsic security through a ASIP-based solution, by adopting a processor core
weaknesses of the access control of the Linux kernel. It specially designed to provide OS support to the multiproces-
is usage has been proven efficient and reliable in servers sor system. Similarly, in [12] a coprocessor is proposed for
and desktop PC. Being focused on this type of systems, performing scheduling in a homogeneous cluster of simpli-
many features were added during its development, and its fied RISC processors, with a low context switch overhead.
resource consumption and overhead in term of CPU usage, In [7] and [9], programming support is also provided. In
file size, and memory, has become unacceptable for embed- particular, [9] propose a hardware real time operating sys-
ded computing [10]. While overhead due to the security tem (HW-RTOS) that implements the OS layer in a dual-
checks in system calls (syscalls) may appear insignificant in processor SMP architecture, and that allow specifying in-
desktop environments [8], for embedded systems high over- tertask communication by means of dedicated APIs. The
head (more then 100%) have been reported, in particular for HW-RTOS takes care of the communication requirements
read/write functions, which are, moreover, among the func- of the application and also implements the task scheduling
tions executed the most [10, 14]. Moreover, the file size of algorithm, with smaller footprints, and exploiting efficiently
the kernel and userland increases of around 2MBytes when task migration feature provided by an SMP architecture.
SELinux is ported. While acceptable for desktop devices,
for embedded computing may represent a problem, being in Our solution adopts the similar idea of using hardware ac-
fact the dimension of the flash ROM used for storing a file celerators for improving performances of the operations per-
system of around 32MBytes. Similarly, the memory con- formed by the OS. While related work focus on providing
sumption used usually for storing in desktop computers the hardware support for OS operations for mainly improving
security policies may be too requiring in embedded devices. real-time capabilities of the system, our work, for the first
time, focuses on presenting a hardware architecture for im-
In [10], a solution for overcoming these limitations has been proving performance in the application of the security oper-
proposed. The authors proposed to tune SELinux in order ations needed when running SELinux on embedded or con-
to reduce the resource consumption on consumer electronic
Table 2: Comparison
a b c
Flexibility aaa fff
Area overhead aaa fff
Performance Improvement aaa fff