Nested compartmentalisation for constrained devices

Dejon, Nicolas; Gaber, Chrystel; Grimaud, Gilles

Document type :

Autre communication scientifique (congrès sans actes - poster - séminaire...): Communication dans un congrès avec actes

DOI :

10.1109/FiCloud49777.2021.00055

Title :

Nested compartmentalisation for constrained devices

Author(s) :

Dejon, Nicolas [Auteur]
Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Extra Small Extra Safe [2XS]
Orange Labs [Caen]
Gaber, Chrystel [Auteur]
Orange Labs [Caen]
Grimaud, Gilles [Auteur]

Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189 [CRIStAL]
Extra Small Extra Safe [2XS]

Conference title :

2021 8th International Conference on Future Internet of Things and Cloud (FiCloud)

City :

Rome

Country :

France

Start date of the conference :

2021-08-23

Publisher :

IEEE

English keyword(s) :

nested compartmentalisation
constrained devices
MPU

HAL domain(s) :

Informatique [cs]/Système d'exploitation [cs.OS]
Informatique [cs]/Systèmes embarqués
Informatique [cs]/Cryptographie et sécurité [cs.CR]

English abstract : [en]

This paper presents a framework and implementation guidelines to set up nested compartmentalisation in constrained devices. All memory spaces are protected by the Memory Protection Unit (MPU). Current MPU-based systems ...
Show more >This paper presents a framework and implementation guidelines to set up nested compartmentalisation in constrained devices. All memory spaces are protected by the Memory Protection Unit (MPU). Current MPU-based systems offer efficient memory protection but are mostly tied to the fixed permission model provided by their operating system, kernel, hypervisor or by code instrumentation. New use cases evolve with the rise of the Internet of Things (IoT) ecosystems where software components could benefit from locally and dynamically established permissions. This includes a temporary nested subspace with restricted memory access rights. Our framework integrates subspace creation and management for runtime dynamic changes of the permission model for any level of abstraction. Global security policies of fixed permission models are reflected in the software architecture and the implementation of the framework. We also demonstrate the feasibility of providing nested compartmentalisation by showing how to leverage the MPU features.Show less >

Language :

Anglais

Peer reviewed article :

Oui

Audience :

Internationale

Popular science :

Non

Collections :

Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189

Source :

Harvested from HAL

Files

https://hal.archives-ouvertes.fr/hal-03679889/document
Open access
Access the document

https://hal.archives-ouvertes.fr/hal-03679889/document
Open access
Access the document

https://hal.archives-ouvertes.fr/hal-03679889/document
Open access
Access the document

Nested compartmentalisation for constrained ... BibTeX CSV Excel RIS

Files

Nested compartmentalisation for constrained ...

BibTeX

CSV

Excel

RIS