Open AccessA bottom‐up approach to verifiable embedded system information flow security
Author(s) -
Mu Dejun,
Hu Wei,
Mao Baolei,
Ma Bo
Publication year - 2014
Publication title -
iet information security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2012.0342
Subject(s) - computer science , information flow , covert channel , computer security model , abstraction , computer security , information security , software deployment , security policy , distributed computing , security information and event management , cloud computing security , software engineering , operating system , cloud computing , philosophy , linguistics , epistemology
With the wide deployment of embedded systems and constant increase in their inter‐connections, embedded systems tend to be confronted with attacks through security holes that are hard to predict using typical security measures such as access control or data encryption. To eliminate these security holes, embedded security should be accounted for during the design phase from all abstraction levels with effective measures taken to prevent unintended interference between different system components caused by harmful flows of information. This study proposes a bottom‐up approach to designing verifiably information flow secure embedded systems. The proposed method enables tight information flow controls by monitoring all flows of information from the level of Boolean gates. It lays a solid foundation to information flow security in the underlying hardware and exposes the ability to prove security properties to all abstraction levels in the entire system stack. With substantial amounts of modifications made to the instruction set architecture, operating system, programming language and input/output architecture, the target system can be designed to be verifiably information flow secure.