Gordon, Nicholas
(2025)
Secure I/O on trusted platforms with lightweight kernels.
Doctoral Dissertation, University of Pittsburgh.
(Unpublished)
Abstract
Trusted computing has become widespread and the complexity of trusted applications has increased substantially, such as in real-time patient vitals data processing or employee-free stores that continuously monitor customers. These applications differ from existing trusted computing usage in that they directly acquire and process sensitive information from sensors like cameras and microphones. Simultaneously, application demands are expanding to include a rich, general-purpose OS environment that provides network, filesystem, and multicomputing capabilities. An application runtime of similar capability approaches an OS in terms of complexity and would require extensive interfacing with the underlying untrusted OS anyway, so we claim that a full-stack trusted OS provides similar capabilities with a smaller, less complex trust profile. Further, current trusted OSes fail to provide this environment because they are designed to provide trusted services to untrusted applications, and the use of full-weight kernels (FWKs) like Linux is ruled out due to security concerns. We aim to solve this problem by using lightweight kernels (LWKs), which strike the correct balance between security and usability and can fully exploit hardware to provide secure device I/O. Lightweight kernels are an OS design approach that presents a programming environment familiar to Linux developers, both in userspace and in the kernel, allowing many applications to run without modification and easing the porting of existing device drivers. Further, hardware is more directly exposed to programmers (that is, with fewer hardware abstraction layers), making it easy to leverage platform hardware and peripherals. To demonstrate these design advantages we develop an LWK trusted OS for the ARM TrustZone environment on a typical IoT or edge computing hardware platform.
Specifically, we extend the Kitten LWK to be TrustZone-aware, develop an I/O stack to demonstrate the viability of a camera driver, and then build a framework for securely paravirtualizing existing Linux drivers by using recent, modern TrustZone hardware.
Details

| Field | Value |
|---|---|
| Item Type: | University of Pittsburgh ETD |
| Status: | Unpublished |
| Creators/Authors: | Gordon, Nicholas |
| ETD Committee: | |
| Date: | 7 January 2025 |
| Date Type: | Publication |
| Defense Date: | 8 August 2024 |
| Approval Date: | 7 January 2025 |
| Submission Date: | 30 August 2024 |
| Access Restriction: | No restriction; Release the ETD for access worldwide immediately. |
| Number of Pages: | 107 |
| Institution: | University of Pittsburgh |
| Schools and Programs: | School of Computing and Information > Computer Science |
| Degree: | PhD - Doctor of Philosophy |
| Thesis Type: | Doctoral Dissertation |
| Refereed: | Yes |
| Uncontrolled Keywords: | operating systems, multikernel, security, edge, IoT, partitioning |
| Date Deposited: | 07 Jan 2025 19:34 |
| Last Modified: | 07 Jan 2025 19:34 |
| URI: | http://d-scholarship.pitt.edu/id/eprint/46961 |