Publications


D1.1 – Abstract Model of the Isolation Manager

The ODSI platform is based on proven kernels to ensure strong security properties compatible with higher levels of certification. Two kernel models are developed for two different architectures:

  • The ODSI Hypervisor for ARM / Trustzone architecture
  • The ODSI Mesovisor for Intel architecture

The ODSI Mesovisor (called Pip in the rest of the document) is a protokernel: it allows kernels, ranging from hypervisors to monolithic kernels, to be developed as user-mode applications. This means that only the code of Pip is executed in kernel mode (i.e., the privileged mode of the hardware). Code running in kernel mode has direct access to the whole memory and hardware, so from a security point of view it is clearly better to keep this code as minimal as possible. This stems from the general principle that the trusted computing base (TCB) should be kept minimal.


D1.2 – Isolation API

PIP is a protokernel: it allows kernels, ranging from hypervisors to monolithic kernels, to be developed as user-mode applications. This means that only PIP is executed in kernel mode (i.e., the privileged mode of the hardware). Code running in kernel mode has direct access to the whole memory and hardware, so from a security point of view it is clearly better to keep this code as minimal as possible. This stems from the general principle that the trusted computing base (TCB) should be kept minimal. One of PIP's key design choices is to provide a minimal number of functionalities while ensuring strong isolation. More precisely, PIP only manages memory isolation and the redirection of interrupts to user-space code, and has only 10 system calls. Unlike a microkernel, this means that components such as the scheduler, IPC and authorization are not included in the PIP kernel, nor are other mechanisms found in monolithic kernels, such as the device abstraction layer, file systems, network stack, etc.


D2.2 – Definition of the authentication protocol

This document specifies the Authentication Manager module within the ODSI architecture. Concretely, it describes the authentication protocol approach taken to meet the need for secure communication, based on the mutual recognition of two different elements. This will be performed in an environment where every process running on the system is isolated. However, certain limitations are also considered, such as those expected in small autonomous systems, where no human interaction is present and devices are constrained, so only reduced resources are available.

Usually, public key certificates or Kerberos are used for transport-layer authentication. However, this proposal describes how to use symmetric keys (called pre-shared keys, or PSKs), shared in advance among the communicating parties, to establish a secure transport-layer M2M connection. This is useful in performance-constrained environments with limited CPU power.