Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory Technology Problem Space • Windows and Linux computers.
Download ReportTranscript Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory Technology Problem Space • Windows and Linux computers.
Trusted Ring: A Security Enhancing Software Architecture Michael DiRossi, Inventor The Johns Hopkins University Applied Physics Laboratory Technology Problem Space • Windows and Linux computers can not be trusted for high assurance applications because they are too complex to secure or verify – Monolithic kernel design – Bug in mouse driver compromises entire system – OS can not protect itself • Users want to use these systems • Can a high assurance computing environment be built with low assurance components? Technology – Trusted Ring Framework • Security enhancing software architecture that – is independent of OS – supports security service modules – provides a high assurance base from which to assert that desired security properties hold true – is based on hardware protection mechanisms Linux OS Trusted Ring Framework Ring 3 User Applications User Applications Ring 2 Unused Operating System Kernel Ring 1 Unused Security Services Ring 0 Operating System Kernel Trusted Ring Microkernel Technology – Security Service Modules • Security Services enhance the security of the operating system • Operate in an execution domain that is independent of and isolated from the operating system • Examples: – Platform self-healing capability – Protected encryption engine for online banking Technology Applications • Information Assurance – Security policy can be enforced despite compromises to the integrity of the operating system • General purpose high assurance computing platforms • Complimentary to virtualization technologies – Enhance security from within a VM – Enhance security of VMM Commercial Applications • Any Intel IA-32 computer application with IA requirements – – – – Banking SCADA Government Electronic Voting • Technology Readiness – Proof-of-concept Trusted Ring Framework implementation for a Fedora Core 1 Linux operating system – Basic self-healing security service implementation Contact Information • For technical information contact: Michael DiRossi, Inventor 443-778-1349 [email protected] • For licensing information contact: Norma Lee Todd, Technology Manager Office of Technology Transfer The Johns Hopkins University Applied Physics Laboratory 11100 Johns Hopkins Road Laurel, MD 20723 443-778-4528 [email protected] www.jhuapl.edu/ott