Paper 2016/550

Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture

Andrew D. Zonenberg and Bulent Yener

Abstract

The ``kernel" model has been part of operating system architecture for decades, but upon closer inspection it clearly violates the principle of least required privilege. The kernel is a single entity which provides many services (memory management, interfacing to drivers, context switching, IPC) which have no real relation to each other, and has the ability to observe or tamper with all state of the system. This work presents Antikernel, a novel operating system architecture consisting of both hardware and software components and designed to be fundamentally more secure than the state of the art. To make formal verification easier, and improve parallelism, the Antikernel system is highly modular and consists of many independent hardware state machines (one or more of which may be a general-purpose CPU running application or systems software) connected by a packet-switched network-on-chip (NoC). We create and verify an FPGA-based prototype of the system.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in CHES 2016
Keywords
network on chipsystem on chipsecurityoperating systemshardware accelerators
Contact author(s)
andrew zonenberg @ ioactive com
yener @ cs rpi ed
History
2016-06-02: received
Short URL
https://ia.cr/2016/550
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/550,
      author = {Andrew D.  Zonenberg and Bulent Yener},
      title = {Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture},
      howpublished = {Cryptology ePrint Archive, Paper 2016/550},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/550}},
      url = {https://eprint.iacr.org/2016/550}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.