This paper presents a security kernel architecture built on a trusted computing platform, designed in light of current thinking on trusted computing. In this architecture a new security module, the TCB (Trusted Computing Base), is added to the operating system kernel, and two operating interface modes are provided for the sake of self-protection. The security kernel is divided into two parts so that the trusted mechanism is separated from security functionality: the TCB module implements the trusted mechanisms, such as measurement and attestation, while the other components of the security kernel provide security functionality built on those mechanisms. The architecture takes full advantage of the functions provided by the trusted platform and clearly defines the security perimeter of the TCB, so that self-security is assured at the architectural level. We also give a functional description of the TCB and discuss the strengths and limitations of the architecture in comparison with related research.
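The mechanism/functionality split described above can be made concrete in a small model. The following is an added example, not code from the paper: a `TrustedMechanism` class stands in for the TCB module and is the only holder of the measurement register and the attestation key, offering nothing but PCR-style `measure` and nonce-bound `attest`; a `LoadPolicy` class stands in for the rest of the security kernel and makes allow/deny decisions using only the digests the TCB module returns. The component names, image bytes, nonce and the symmetric HMAC "quote" are all constructed assumptions for the example (a real platform would sign the quote with a TPM attestation key and the verifier would check the signature with the public key).

```python
import hashlib
import hmac

# Constructed inputs for the example: not from any real system.
ATTESTATION_KEY = b"example-attestation-key"          # lives only inside the TCB module
KNOWN_GOOD = {                                        # name -> expected SHA-256 of the image
    "netfilter.ko": hashlib.sha256(b"netfilter driver build 1").hexdigest(),
    "sshd": hashlib.sha256(b"sshd binary build 7").hexdigest(),
}


class TrustedMechanism:
    """The TCB module: owns the measurement register and the attestation key.

    It offers measurement (a PCR-style extend over SHA-256 digests) and
    attestation (a keyed quote over the register) and nothing else; it never
    decides whether a component is acceptable.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._pcr = bytes(32)      # register starts as 32 zero bytes, like a TPM PCR
        self._log: list[tuple[str, str]] = []

    def measure(self, name: str, image: bytes) -> str:
        """Extend the register with the image digest and record the event."""
        digest = hashlib.sha256(image).digest()
        self._pcr = hashlib.sha256(self._pcr + digest).digest()
        self._log.append((name, digest.hex()))
        return digest.hex()

    def attest(self, nonce: bytes) -> dict:
        """Return the register, the event log and a quote binding both to the nonce."""
        quote = hmac.new(self._key, nonce + self._pcr, hashlib.sha256).hexdigest()
        return {"nonce": nonce.hex(), "pcr": self._pcr.hex(),
                "log": list(self._log), "quote": quote}


class LoadPolicy:
    """Security functionality outside the TCB module: allow or deny a load.

    It holds no key and no register. Every attempt is measured whether or not
    it is allowed, so the log and register also reflect rejected images.
    """

    def __init__(self, tcb: TrustedMechanism, known_good: dict[str, str]) -> None:
        self._tcb = tcb
        self._known_good = known_good

    def load(self, name: str, image: bytes) -> bool:
        digest = self._tcb.measure(name, image)
        return self._known_good.get(name) == digest


def replay_log(log: list[tuple[str, str]]) -> str:
    """Recompute the register from the event log, as a verifier would."""
    pcr = bytes(32)
    for _, digest_hex in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr.hex()


def verify_report(report: dict, key: bytes, nonce: bytes,
                  known_good: dict[str, str]) -> dict:
    """Verifier-side checks (shared-key HMAC stands in for a TPM signature)."""
    fresh = report["nonce"] == nonce.hex()
    expected = hmac.new(key, nonce + bytes.fromhex(report["pcr"]),
                        hashlib.sha256).hexdigest()
    authentic = hmac.compare_digest(expected, report["quote"])
    consistent = replay_log(report["log"]) == report["pcr"]
    unexpected = [name for name, d in report["log"] if known_good.get(name) != d]
    return {"fresh": fresh, "authentic": authentic,
            "log_matches_pcr": consistent, "unexpected_events": unexpected}


def run_demo() -> dict:
    tcb = TrustedMechanism(ATTESTATION_KEY)
    policy = LoadPolicy(tcb, KNOWN_GOOD)
    allowed_good = policy.load("netfilter.ko", b"netfilter driver build 1")
    allowed_bad = policy.load("sshd", b"sshd binary build 7 + backdoor")  # denied, still measured
    nonce = bytes.fromhex("00112233445566778899aabbccddeeff")           # constructed nonce
    report = tcb.attest(nonce)
    verdict = verify_report(report, ATTESTATION_KEY, nonce, KNOWN_GOOD)
    # Dropping the rejected event from the log cannot hide it: the quoted
    # register no longer matches the replayed log.
    forged = dict(report, log=[e for e in report["log"] if e[0] != "sshd"])
    forged_verdict = verify_report(forged, ATTESTATION_KEY, nonce, KNOWN_GOOD)
    return {"allowed_good": allowed_good, "allowed_bad": allowed_bad,
            "verdict": verdict, "forged_verdict": forged_verdict}


if __name__ == "__main__":
    print(run_demo())
```

The point of the layout is that the policy class can be replaced, extended or even compromised without touching the register or the key: the TCB module's perimeter is the two methods it exports, and the verifier relies only on what crosses that perimeter (register value, event log, nonce-bound quote), which is why the tampered log in `run_demo` is caught by the replay check rather than by any policy code.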