Seminars & Colloquia
TU Dresden, Germany
"Towards Smaller Trusted Computing Bases"
Monday April 29, 2013 10:30 AM
Location: 3211, EBII NCSU Centennial Campus
This talk is part of the System Research Seminar series
Trusted computing bases (TCBs), i.e. the set of components that have to be trusted for a specific (security) objective, have grown large. Their software parts in particular consist of tens of millions of lines of code when they are based on modern commodity operating systems.
We report on an ongoing effort to reduce the software parts of TCBs. Key insights are that TCBs should be considered application-specific, that they can and should be built from isolated components, and that legacy software can be reused by splitting it into critical and uncritical parts. The talk discusses security objectives, design principles, isolation alternatives (HLL, i.e. high-level languages, vs. VMs vs. microkernels), and studies in detail VPFS, a file system implemented following these principles. We will also mention caveats and limitations for practical use.
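The "split legacy into critical and uncritical parts" principle can be made concrete in a few dozen lines. The following is an added illustration written for this announcement, not code from the talk or from VPFS: a small trusted component (the only code that must be trusted for confidentiality and integrity of file contents) encrypts and authenticates each file before handing it to an untrusted store that stands in for a commodity file system. The store is relied on for availability only; the demo shows that a tampering or file-swapping store is detected by the trusted part. The keystream construction (HMAC-SHA256 in counter mode) and the blob layout are assumptions made for a self-contained, standard-library-only example.

```python
import hashlib
import hmac
import secrets


class IntegrityError(Exception):
    """Raised by the trusted part when the untrusted part returned altered data."""


class UntrustedStore:
    """Stand-in for the legacy, uncritical part (e.g. a commodity OS file system).
    It is outside the TCB: we rely on it only for availability and assume it may
    read, modify, swap or drop anything it holds."""

    def __init__(self):
        self._blobs = {}

    def put(self, name, blob):
        self._blobs[name] = bytes(blob)

    def get(self, name):
        return self._blobs.get(name)

    # The two methods below model a compromised or buggy untrusted part.
    def flip_byte(self, name, offset):
        blob = bytearray(self._blobs[name])
        blob[offset] ^= 0x01
        self._blobs[name] = bytes(blob)

    def swap(self, name_a, name_b):
        self._blobs[name_a], self._blobs[name_b] = self._blobs[name_b], self._blobs[name_a]


class TrustedFileGuard:
    """The small critical part. Stored blob layout (an assumption of this example):
    nonce (16 bytes) || ciphertext || tag (32 bytes), encrypt-then-MAC, with the
    file name bound into the tag so blobs cannot be swapped between names."""

    NONCE_LEN = 16
    TAG_LEN = 32

    def __init__(self, master_key, store):
        # Separate keys for the cipher and the MAC, derived from one master key.
        self._enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
        self._store = store

    def _keystream(self, nonce, length):
        # Toy stream cipher for illustration: HMAC-SHA256 as a PRF in counter mode.
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = nonce + counter.to_bytes(8, "big")
            out += hmac.new(self._enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def _tag(self, name, nonce, ciphertext):
        msg = len(name).to_bytes(4, "big") + name.encode() + nonce + ciphertext
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()

    def write(self, name, data):
        nonce = secrets.token_bytes(self.NONCE_LEN)
        ciphertext = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        self._store.put(name, nonce + ciphertext + self._tag(name, nonce, ciphertext))

    def read(self, name):
        blob = self._store.get(name)
        if blob is None or len(blob) < self.NONCE_LEN + self.TAG_LEN:
            raise IntegrityError(f"{name}: missing or truncated")
        nonce = blob[:self.NONCE_LEN]
        ciphertext = blob[self.NONCE_LEN:-self.TAG_LEN]
        tag = blob[-self.TAG_LEN:]
        # Verify before decrypting, with a constant-time comparison.
        if not hmac.compare_digest(tag, self._tag(name, nonce, ciphertext)):
            raise IntegrityError(f"{name}: tag mismatch, untrusted store returned altered data")
        return bytes(a ^ b for a, b in zip(ciphertext, self._keystream(nonce, len(ciphertext))))


def demo():
    """Round trip plus two tampering scenarios; returns a dict of outcomes."""
    store = UntrustedStore()
    guard = TrustedFileGuard(secrets.token_bytes(32), store)
    secret = b"payroll: alice 4200 EUR"  # constructed sample content
    guard.write("payroll.txt", secret)
    guard.write("notes.txt", b"nothing to see")
    results = {
        "roundtrip": guard.read("payroll.txt") == secret,
        "plaintext_in_store": secret in store.get("payroll.txt"),
    }
    # Untrusted part swaps two files: the name bound into the tag exposes it.
    store.swap("payroll.txt", "notes.txt")
    try:
        guard.read("notes.txt")
        results["swap_detected"] = False
    except IntegrityError:
        results["swap_detected"] = True
    store.swap("payroll.txt", "notes.txt")
    # Untrusted part flips one ciphertext byte: the tag exposes it.
    store.flip_byte("payroll.txt", TrustedFileGuard.NONCE_LEN)
    try:
        guard.read("payroll.txt")
        results["flip_detected"] = False
    except IntegrityError:
        results["flip_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the split is visible in what each class must be trusted for: a bug or compromise in UntrustedStore can only cost availability (a read raises IntegrityError instead of returning altered data), while confidentiality and integrity rest entirely on the much smaller TrustedFileGuard, which is the application-specific TCB.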
Hermann Haertig is Professor for Operating Systems at the TU Dresden, Germany. His current research is in the area of microkernel-based operating systems with emphasis on support for real-time, high-security and fault-tolerant systems. From 1984 to 1994 he was a researcher at the German National Research Center for Computer Science (GMD), where he led the BirliX OS project that led to the BirliX Security Architecture. Hermann Haertig received his Ph.D. at Karlsruhe University in 1984. In addition to his various permanent positions, Dr. Haertig has had extended stays at Berkeley, MIT, Hebrew Univ. in Jerusalem, University of New South Wales in Sydney, Australia, and Intel MRL.
Host: Frank Mueller, Computer Science, NCSU