The Caernarvon secure embedded operating system

Operating Systems Review (ACM)

Volumn 42, Issue 1, 2008, Pages 32-39

  Toll, David C ^a   Karger, Paul A ^a   Palmer, Elaine R ^a   McIntosh, Suzanne K ^a   Weber, Sam ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Common criteria evaluation; Embedded systems; Mandatory access controls; Mobile phones; Operating systems; PDAs; Smart cards

Indexed keywords

COMMON CRITERIA; COMMON CRITERIA EVALUATION; MANDATORY ACCESS CONTROL; MANDATORY ACCESS CONTROLS; OPERATING SYSTEMS;

AUTHENTICATION; COMPUTER OPERATING SYSTEMS; CRYPTOGRAPHY; EMBEDDED SYSTEMS; MOBILE DEVICES; MOBILE PHONES; NETWORK PROTOCOLS; PERSONAL DIGITAL ASSISTANTS; SECURITY SYSTEMS; SMART CARDS; TELEPHONE; TELEPHONE SETS;

NETWORK SECURITY;

EID: 67249144231     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1341312.1341320     Document Type: Conference Paper

References (29)

1. D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi. The EM side-channel(s). In Cryptographic Hardware and Embedded Systems - CHES 2002, Lecture Notes in Computer Science, Vol.2523, Springer Verlag, pages 29-45, Redwood Shores, CA, 13-15 August 2002.
2. Application interface for smart cards used as secure signature creation devices - part 1: Basic requirements. CWA 14890-14891, Comité Européen de Normalisation, Brussels, Belgium, March 2004. URL: ftp://ftp.cenorm.be/PUBLIC/CWAs/eEurope/eSign/cwa14890-01-2004-Mar.pdf.
3. Application interface for smart cards used as secure signature creation devices - part 1: Basic requirements. prEN 14890-14891:2007, Comité Européen de Normalisation, Brussels, Belgium, March 2007.
4. D. E. Bell and L. J. LaPadula. Computer Security Model: Unified Exposition and Multics Interpretation. ESD-TR-75-306, The MITRE Corporation, Bedford, MA, HQ Electronic Systems Division, Hanscom AFB, MA, June 1975.
5. K. J. Biba. Integrity Considerations for Secure Computer Systems. ESD-TR-76-372, The MITRE Corporation, Bedford, MA, HQ Electronic Systems Division, Hanscom AFB, MA, Apr. 1977.
6. F. C. Bormann, L. Manteau, A. Linke, J. C. Pailles, and J. van Dijk. Concept for trusted personal devices in a mobile and networked environment. In Fifteenth IST Mobile & Wireless Communication Summit, Myconos, Greece, June 2006.
7. G. W. Bush. Policy for a common identification standard for federal employees and contractors. Homeland Security Presidential Directive HSPD-12, The White House, Washington, DC, 27 August 2004. URL: http://csrc.nist.gov/ policies/Presidential-Directive-Hspd-12.html.
8. R. Canetti and H. Krawczyk. Security Analysis of IKE's Signature-Based Key-Exchange Protocol. In Advances in Cryptology - Crypto 2002, pages 143-161, Santa Barbara, CA, 2002. Lecture Notes in Computer Science, Vol.2045, Springer Verlag.
9. M. G. Carter, S. B. Lipner, and P. A. Karger. Protecting data & information: A workshop in computer & data security. Order No. EY-AX00080-SM-001, Digital Equipment Corporation, Maynard, MA, 1982.
10. S. N. Chari, V. V. Diluoffo, P. A. Karger, E. R. Palmer, T. Rabin, J. R. Rao, P. Rohatgi, H. Scherzer, M. Steiner, and D. C. Toll. Method, apparatus and system for resistence to side channel attacks on random number generators. United States Patent Application No. US 2006/0104443A1, Filed 12 November 2004.
11. P.-C. Cheng, P. Rohatgi, C. Keser, P. A. Karger, G. M. Wagner, and A. S. Reninger. Fuzzy multi-level security: An experiment on quantified risk-adaptive access control: Extended abstract. In Proceedings of the IEEE Sympsium on Security and Privacy, pages 222-227, Oakland, CA, 20-23 May 2007. IEEE Computer Society.
12. Common Criteria for Information Technology Security Evaluation, Parts 1, 2, and 3. Version 2.3 CCMB2005-08-001, CCMB2005-08-002, and CCMB2005-08-1003, August 2005. URL: http://www.commoncriteriaportal.org/public/expert/index.php? menu=2.
13. Department of defense trusted computer system evaluation criteria. DOD 5200.28-STD, Washington, DC, Dec. 1985. URL: http://csrc.nist.gov/publications/ history/dod85.pdf.
14. E. W. Dijkstra. The structure of the THE multiprogramming system. Communications of the ACM, 11(5):341-346, May 1968.
15. Functionality classes and evaluation methodology for physical random number generators. AIS 31, Version 1, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany, 25 Sept. 2001. URL: http://www.bsi.bund.de/zertifiz/zert/interpr/ais31e.pdf.
16. D. Harkins and D. Carrel. The Internet Key Exchange (IKE). RFC 2409, November 1998. URL: ftp://ftp.rfc-editor.org/in-notes/rfc2409.txt.
17. Information technology security evaluation criteria (ITSEC). Version 1.2, Commission of the European Communities, Brussels, Belgium, June 1991. URL: http://www.ssi.gouv.fr/site documents/ITSEC/ITSEC-uk.pdf.
18. Identification cards - Integrated circuit(s) with contacts - Part 3: Electronic signals and transmission protocols, Second edition. ISO Standard 7816-7823, International Standards Organization, Dec. 1997.
19. Identification cards - Integrated circuit(s) with contacts - Part 4: Interindustry commands for interchange, First edition. ISO Standard 7816-7824, International Standards Organization, Sept. 1995.
20. P. A. Karger. Multi-Organizational Mandatory Access Controls for Commercial Applications. RC 21673 (97655), IBM Thomas J. Watson Research Center, Yorktown Heights, NY, 22 February 2000. URL: http://domino.watson.ibm.com/ library/CyberDig.nsf/home.
21. P. A. Karger, V. R. Austel, and D. C. Toll. A New Mandatory Security Policy Combining Secrecy and Integrity. RC 21717 (97406), IBM Thomas J. Watson Research Center, Yorktown Heights, NY, 15 March 2000. URL: http://domino.watson. ibm.com/library/CyberDig.nsf/home.
22. P. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis: Leaking Secrets. In Proceedings of Crypto '99, Lecture Notes in Computer Science, Vol.1666, Springer Verlag, pages 143-161, Santa Barbara, CA, August 1999.
23. H. Krawczyk. SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffe-Hellman and its Use in the IKE Protocols. In Advances in Cryptology - CRYPTO 2003 Proceesings, pages 399-424, Santa Barbara, CA, 17-21 August 2003. Lecture Notes in Computer Science, Vol.2729, Springer Verlag.
24. D. Safford and M. Zohar. Trusted computing and open source. Information Security Technical Report, 10(2):74-82, 2005.
25. G. Schellhorn, W. Reif, A. Schairer, P. Karger, V. Austel, and D. Toll. Verification of a formal security model for multiapplicative smart cards. In 6th European Symposium on Research in Computer Security (ESORICS 2000), Lecture Notes in Computer Science, Vol.1895, Springer Verlag, pages 17-36, Toulouse, France, 2000.
26. H. Scherzer, R. Canetti, P. A. Karger, H. Krawczyk, T. Rabin, and D. C. Toll. Authenticating Mandatory Access Controls and Preserving Privacy for a High-Assurance Smart Card. In 8th European Symposium on Research in Computer Security (ESORICS 2003), pages 181-200, Gjøvik, Norway, 13-15 October 2003. Lecture Notes in Computer Science, Vol.2808, Springer Verlag.
27. W. L. Schiller. The design and specification of a security kernel for the PDP-11/45. ESD-TR-75-169, The MITRE Corporation, Bedford, MA, HQ Electronic Systems Division, Hanscom AFB, MA, May 1975. URL: http://csrc.nist.gov/ publications/history/schi75.pdf.
28. J. Whitmore, A. Bensoussan, P. Green, D. Hunt, A. Kobziar, and J. Stern. Design for Multics security enhancements. ESD-TR-74-176, Honeywell Information Systems, Inc., HQ Electronic Systems Division, Hanscom AFB, MA, Dec. 1973. URL: http://csrc.nist.gov/publications/history/whit74.pdf.
29. K.-L. Wu, P. S. Yu, B. Gedik, K. Hildrum, C. C. Aggarwal, E. Bouillet, W. Fan, D. George, X. Gu, G. Luo, and H. Wang. Challenges and experience in prototyping a multi-modal stream analytic and monitoring application on System S. In Proceedings of the 33rd International Conference on Very Large Data Bases, pages 1185-1196, Vienna, Austria, 23-27 September 2007. URL: http://www.vldb.org/conf/2007/papers/industrial/p1185-wu.pdf.