secunet Security Networks AG

The Muen Separation Kernel

Robert Dorn
Reto Buerki
Adrian Rueegsegger
HSR University of Applied Sciences Rapperswil
23.10.2014

About secunet
Germany's leading provider of IT security
Security partner of the Federal Republic of Germany
More than 340 employees
Robert Dorn, Senior Consultant at secunet
Responsible for design & development of Separation Kernel based systems
www.secunet.com
Page 2 23.10.2014 The Muen Separation Kernel

About HSR
University of Applied Sciences with around 1500 students
Located in Rapperswil, Switzerland
Reto Buerki & Adrian-Ken Rueegsegger, researchers @ Institute for Internet Technologies and Applications
Core developers of Muen
www.hsr.ch

Security of Complex Software
P(Program_Correct) = P(Line_Correct)^SLOC

Security of Complex Software
[Plot: P(Defective Program) on a log scale from 1% to 100%, against program size in kSLOC from 0.1 to 100 000; one curve each for 0.1, 1 and 10 defects/kSLOC]

Security of Complex Software
Assumptions (e.g.): 10% security defects, 20% exploitable
[Plot: P(Exploitable Program) on a log scale from 1% to 100%, against program size in kSLOC from 0.1 to 100 000; one curve each for 0.1, 1 and 10 defects/kSLOC]

Secure Software
Tiny size
Very low defect rate
Low security defect ratio
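The slides show the model P(Program_Correct) = P(Line_Correct)^SLOC only as two plots. The following is an added example, not part of the presentation, that evaluates the model over the axis values recovered from the plots on slides 5 and 6, using the slide 6 assumptions (10% of defects are security defects, 20% of those exploitable). It assumes, as the formula itself does, that every line is defective independently with the same probability; the resulting table is the data behind the plots and shows why the "Secure Software" slide asks for tiny size and a very low defect rate.

```python
"""Added example (not from the slides): evaluates the slide 4 model
P(Program_Correct) = P(Line_Correct)^SLOC over the code sizes and defect
densities plotted on slides 5 and 6.  Assumption, as in the formula:
every line is defective independently with the same probability."""

# Assumptions quoted from slide 6 (worked example, not measured data).
SECURITY_DEFECT_RATIO = 0.10   # 10% of defects are security defects
EXPLOITABLE_RATIO = 0.20       # 20% of security defects are exploitable

# Axis values recovered from the plots on slides 5 and 6.
KSLOC_VALUES = (0.1, 1, 10, 100, 1_000, 10_000, 100_000)
DEFECT_DENSITIES = (0.1, 1, 10)   # defects per kSLOC


def p_defective(ksloc: float, defects_per_ksloc: float) -> float:
    """P(Defective Program) = 1 - P(Line_Correct)^SLOC, where
    P(Line_Correct) = 1 - defects_per_ksloc / 1000."""
    sloc = round(ksloc * 1000)
    p_line_correct = 1.0 - defects_per_ksloc / 1000.0
    return 1.0 - p_line_correct ** sloc


def p_exploitable(ksloc: float, defects_per_ksloc: float,
                  security_ratio: float = SECURITY_DEFECT_RATIO,
                  exploitable_ratio: float = EXPLOITABLE_RATIO) -> float:
    """P(Exploitable Program): same model, but only the fraction of defects
    that is both security-relevant and exploitable counts against a line."""
    sloc = round(ksloc * 1000)
    p_line_bad = defects_per_ksloc / 1000.0 * security_ratio * exploitable_ratio
    return 1.0 - (1.0 - p_line_bad) ** sloc


def tabulate(fn, ksloc_values=KSLOC_VALUES, densities=DEFECT_DENSITIES):
    """Rows of (ksloc, {density: probability}): the data behind the plots."""
    return [(k, {d: fn(k, d) for d in densities}) for k in ksloc_values]


def print_table(fn, title: str) -> None:
    """Render one of the two plots as a text table."""
    print(title)
    header = "".join(f"{str(d) + ' d/kSLOC':>20}" for d in DEFECT_DENSITIES)
    print("kSLOC".rjust(9) + header)
    for ksloc, row in tabulate(fn):
        cells = "".join(f"{row[d]:>20.1%}" for d in DEFECT_DENSITIES)
        print(f"{ksloc:>9g}{cells}")


if __name__ == "__main__":
    print_table(p_defective, "P(Defective Program)")
    print()
    print_table(p_exploitable, "P(Exploitable Program)")
```

Reading the table: at 1 defect/kSLOC a 1 kSLOC program is already defective with probability about 63%, and a 100 kSLOC program is exploitable with probability about 86% under the slide's assumptions, which is the quantitative case for keeping trusted code small.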

Reducing Complexity of Trusted Code
[Diagram, built up over five slides: a single trusted code base is split into trusted and untrusted parts; the parts are kept apart by a Proper Interface, Isolation and Partitioning; a Separation Kernel forms the lowest layer beneath the trusted and untrusted components]

Architecting Secure Systems
[Diagram: an Open Network and a Protected Network, with Linux, Encryption, Key Management and Decryption components hosted on the Separation Kernel; the links are labelled ESP, IKE and TS]

Architecting Secure Systems
[Diagram: Session 1 to Session 4 behind a UI Multiplexer, with Network Linux attached to the Network]

Low Kernel Complexity
[Diagram, built up over two slides: component boxes Init, Signaling, Scheduler, Page Tables, Caps/Perms, VT-x VT-d, Message Passing, Schedule Planning, Memory Allocator, Device Allocator, Device Drivers, User Interface, File System, VM Monitor, Posix Interface]

Static Resource Allocation
[Diagram, built up over two slides: the same component boxes as on the previous slide (Init, Signaling, Scheduler, Page Tables, Caps/Perms, VT-x VT-d, Message Passing, Schedule Planning, Memory Allocator, Device Allocator, Device Drivers, User Interface, File System, VM Monitor, Posix Interface); the second build no longer shows Message Passing]

Deterministic Behaviour
No long-running code paths
No preemption necessary
Fixed cyclic scheduling
Avoidance of Covert Channels
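The slides on static resource allocation and deterministic behaviour state the properties of a fixed cyclic schedule without showing one. The following added example, which is a simulation and not Muen code, illustrates them: the scheduling policy is a static table fixed before the system runs (validated once, never allocated at runtime), which subject owns the CPU at a given tick is a pure function of the tick counter, and a subject that goes idle early does not hand its time to anyone, so no timing channel opens between subjects. The subject names, frame lengths and the contrasting work-conserving scheduler are constructed for the example.

```python
"""Added example (not Muen code): a simulation of the fixed cyclic
scheduling that the 'Static Resource Allocation' and 'Deterministic
Behaviour' slides describe.  The policy is a static table; who owns the
CPU at any tick depends only on the tick counter, never on what the
subjects do."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed subject set (hypothetical names).
SUBJECTS = {0: "trusted service", 1: "untrusted Linux", 2: "trusted service 2"}


@dataclass(frozen=True)
class MinorFrame:
    subject_id: int
    ticks: int        # slot length in timer ticks


# Constructed policy (hypothetical): one CPU, major frame of 10 ticks.
MAJOR_FRAME: Tuple[MinorFrame, ...] = (
    MinorFrame(subject_id=0, ticks=4),
    MinorFrame(subject_id=1, ticks=3),
    MinorFrame(subject_id=2, ticks=3),
)


def validate_policy(frames=MAJOR_FRAME, subjects=SUBJECTS) -> int:
    """Static check done before the system runs (nothing is allocated at
    runtime): every frame has a positive length and names a known subject.
    Returns the major frame length in ticks."""
    if not frames:
        raise ValueError("major frame must contain at least one minor frame")
    for f in frames:
        if f.ticks <= 0:
            raise ValueError(f"minor frame for subject {f.subject_id} has no time")
        if f.subject_id not in subjects:
            raise ValueError(f"unknown subject {f.subject_id}")
    return sum(f.ticks for f in frames)


def current_minor_frame(tick: int, frames=MAJOR_FRAME) -> Tuple[MinorFrame, int]:
    """Pure lookup: the minor frame active at absolute `tick` and the
    position inside that frame.  No state other than the tick counter."""
    offset = tick % sum(f.ticks for f in frames)
    for frame in frames:
        if offset < frame.ticks:
            return frame, offset
        offset -= frame.ticks
    raise AssertionError("unreachable: offset lies inside the major frame")


def trace(ticks: int, idle_after: Optional[Dict[int, int]] = None,
          frames=MAJOR_FRAME) -> List[Tuple[int, bool]]:
    """(subject_id, running) for each tick.  idle_after[sid] is the number
    of ticks into its slot after which the subject has no more work.  The
    slot still belongs to it: the CPU idles until the minor frame ends, so
    no other subject gains time and nothing can be signalled that way."""
    idle_after = idle_after or {}
    out: List[Tuple[int, bool]] = []
    for tick in range(ticks):
        frame, pos = current_minor_frame(tick, frames)
        running = pos < idle_after.get(frame.subject_id, frame.ticks)
        out.append((frame.subject_id, running))
    return out


def owners(ticks: int, idle_after=None, frames=MAJOR_FRAME) -> List[int]:
    """Which subject owns each tick: identical whatever the subjects do."""
    return [sid for sid, _ in trace(ticks, idle_after, frames)]


def work_conserving_owners(ticks: int, idle_after=None,
                           frames=MAJOR_FRAME) -> List[int]:
    """Contrast only (not how a separation kernel schedules): hand idle
    ticks to the next subject in the table.  Subject 2's CPU time now
    depends on subject 1's behaviour, which is a timing channel."""
    out = []
    for sid, running in trace(ticks, idle_after, frames):
        if running:
            out.append(sid)
            continue
        idx = next(i for i, f in enumerate(frames) if f.subject_id == sid)
        out.append(frames[(idx + 1) % len(frames)].subject_id)
    return out


def cpu_time(seq: List[int]) -> Dict[int, int]:
    """Ticks per subject id in an owner sequence."""
    counts: Dict[int, int] = {}
    for sid in seq:
        counts[sid] = counts.get(sid, 0) + 1
    return counts


if __name__ == "__main__":
    length = validate_policy()
    print(f"major frame: {length} ticks")
    print("fixed cyclic, all busy        :", cpu_time(owners(2 * length)))
    print("fixed cyclic, subject 1 idles :", cpu_time(owners(2 * length, {1: 1})))
    print("work conserving, subject 1 idles:",
          cpu_time(work_conserving_owners(2 * length, {1: 1})))
```

The design point is in the two last lines of output: under the fixed cyclic schedule subject 2 receives exactly its 3 ticks per major frame regardless of subject 1, whereas the work-conserving variant gives it 5, so subject 2 could infer whether subject 1 was busy from its own share of the CPU.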

Features
Multicore support
Fixed cyclic scheduling
PCI device passthrough using Intel VT-d
Support for 64-bit native and 32/64-bit Linux
Event mechanism
Shared memory channels for inter-subject communication
Minimal Zero-Footprint Run-Time (RTS)
Full availability of source code and documentation

SPARK 2014 for Operating Systems
No pointers
No dynamic memory allocation
No concurrency
Fixed structures
Static resource allocation
One kernel instance / CPU
Abort on host interrupts
! Greatly simplified verification

Lean verification
Proof annotations are part of the language
Implicit generation of VCs for integrity preservation (absence of runtime errors)
Most ARTE VCs proven automatically (1)
Integration of theorem provers possible when needed
Speed allows proofs to be part of build process
(1) With current wavefront, except "properties of constant records"

Modelling the System
[Diagram, built up over five slides: ASM Init, Initialize, VMX Enter, the Subjects, VMX Exit and the VMX Handler; the kernel is then modelled as Environment.Initialize, Initialize, and a loop of Environment.Run followed by the VMX Handler, annotated with an Initial Inv., a Loop Inv. and "Inv. + Env. Model"]

Future verification options
Proof of complex properties
Interaction with theorem provers
Interface modelling (ghost state)
Soundness of memory layout
…

Demo
This presentation is given on a system running on Muen

Current / Future Work
Short-term
Prove additional properties
PCI-Configspace emulation
Time Virtualization
Long-term
Functional correctness proofs
Windows Virtualization
Dynamic resource management

Summary
Secure software is limited in complexity
Separation of untrusted components essential
Muen provides a solid foundation for high assurance systems
Muen is the base of complex high security solutions in development
SPARK 2014 enables lean verification
Formal verification can be done under commercial constraints

Q & A
Discussion
Get Muen at http://muen.sk/

Intel Virtualization Technology
VT-x is Intel's virtualization technology for the x86 platform
Virtual Machine state is saved in a control structure (VMCS)
Introduction of VMX root and non-root modes
New processor instructions (VMX) to switch modes and manage VMCS
Hardware-assisted virtualization drastically reduces complexity of VMM

Modelling the System
[Diagram: ASM Init, Initialize, VMX Enter, the Subjects, VMX Exit, the VMX Handler, an Exception Handler with an Interrupt path, and STOP]

Example property: Correct VMCS Address

Environment.Initialize;
SK.Kernel.Initialize (Subject_Registers);
loop
   pragma Loop_Invariant
     (X86_64.Prf_VMPTR =
        Policy.Get_VMCS_Address
          (Get_Current_Minor_Frame.Subject_Id));
   Environment.Vmx_Run (Subject_Registers);
   SK.Scheduler.Handle_VMX_Exit (Subject_Registers);
end loop;

Example property: Correct VMCS Address

procedure Handle_VMX_Exit
  (Subject_Registers : in out CPU_Regs_Type)
with
   Global  => [...],
   Depends => [...],
   Pre     => (X86_64.Prf_VMPTR =
                 Policy.Get_VMCS_Address
                   (Get_Current_Minor_Frame.Subject_Id)),
   Post    => (X86_64.Prf_VMPTR =
                 Policy.Get_VMCS_Address
                   (Get_Current_Minor_Frame.Subject_Id)),
   Export, Convention => C,
   Link_Name => "handle_vmx_exit";
Have we a Human Ecosystem?AdaCore
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesAdaCore
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic libraryAdaCore
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsAdaCore
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verificationAdaCore
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofAdaCore
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsAdaCore
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationAdaCore
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareAdaCore
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentAdaCore
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...AdaCore
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!AdaCore
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaCore
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...AdaCore
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologyAdaCore
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextAdaCore
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareAdaCore
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsAdaCore
 

Mehr von AdaCore (19)

RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Have we a Human Ecosystem?
Have we a Human Ecosystem?Have we a Human Ecosystem?
Have we a Human Ecosystem?
 
Rust and the coming age of high integrity languages
Rust and the coming age of high integrity languagesRust and the coming age of high integrity languages
Rust and the coming age of high integrity languages
 
SPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic librarySPARKNaCl: A verified, fast cryptographic library
SPARKNaCl: A verified, fast cryptographic library
 
Developing Future High Integrity Processing Solutions
Developing Future High Integrity Processing SolutionsDeveloping Future High Integrity Processing Solutions
Developing Future High Integrity Processing Solutions
 
Taming event-driven software via formal verification
Taming event-driven software via formal verificationTaming event-driven software via formal verification
Taming event-driven software via formal verification
 
Pushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program ProofPushing the Boundary of Mostly Automatic Program Proof
Pushing the Boundary of Mostly Automatic Program Proof
 
RCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standardsRCA OCORA: Safe Computing Platform using open standards
RCA OCORA: Safe Computing Platform using open standards
 
Product Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configurationProduct Lines and Ecosystems: from customization to configuration
Product Lines and Ecosystems: from customization to configuration
 
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded SoftwareSecuring the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
 
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware DevelopmentSpark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
 
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...Introducing the HICLASS Research Programme - Enabling Development of Complex ...
Introducing the HICLASS Research Programme - Enabling Development of Complex ...
 
The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!The Future of Aerospace – More Software Please!
The Future of Aerospace – More Software Please!
 
Adaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR ArchitectureAdaptive AUTOSAR - The New AUTOSAR Architecture
Adaptive AUTOSAR - The New AUTOSAR Architecture
 
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
Using Tiers of Assurance Evidence to Reduce the Tears! Adopting the “Wheel of...
 
Software Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar TechnologySoftware Engineering for Robotics - The RoboStar Technology
Software Engineering for Robotics - The RoboStar Technology
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
 
Application of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle softwareApplication of theorem proving for safety-critical vehicle software
Application of theorem proving for safety-critical vehicle software
 
Verification and Validation of Robotic Assistants
Verification and Validation of Robotic AssistantsVerification and Validation of Robotic Assistants
Verification and Validation of Robotic Assistants
 

Kürzlich hochgeladen

Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

Kürzlich hochgeladen (20)

Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Muen Separation Kernel overview

  • 12. Reducing Complexity of Trusted Code
    (diagram: trusted and untrusted components, isolated from each other by the Separation Kernel)
  • 13. Architecting Secure Systems
    (diagram: Open Network, Linux, Encryption, Key Management, Decryption and Protected Network components running on the Separation Kernel, linked by ESP, IKE and TS connections)
  • 14. Architecting Secure Systems
    (diagram: Session 1 to Session 4 behind a UI Multiplexer, with Linux and Network components)
  • 15. Low Kernel Complexity
    (diagram of system functions: Init, Signaling, Scheduler, Page Tables, Caps/Perms, VT-x, VT-d, Message Passing, Schedule Planning, Memory Allocator, Device Allocator, Device Drivers, User Interface, File System, VM Monitor, Posix Interface)
  • 16. Low Kernel Complexity
    (same diagram, next build step)
  • 17. Static Resource Allocation
    (same diagram, next build step)
  • 18. Static Resource Allocation
    (same diagram without Message Passing)
  • 19. Deterministic Behaviour
    No long-running code paths
    No preemption necessary
    Fixed cyclic scheduling
    Avoidance of covert channels
  • 20. Features
    Multicore support
    Fixed cyclic scheduling
    PCI device passthrough using Intel VT-d
    Support for 64-bit native and 32/64-bit Linux
    Event mechanism
    Shared memory channels for inter-subject communication
    Minimal Zero-Footprint Run-Time (RTS)
    Full availability of source code and documentation
  • 21. SPARK 2014 for Operating Systems
    No pointers
    No dynamic memory allocation
    No concurrency
  • 22. SPARK 2014 for Operating Systems (continued)
    Fixed structures
    Static resource allocation
    One kernel instance / CPU
    Abort on host interrupts
  • 23. SPARK 2014 for Operating Systems (continued)
    → Greatly simplified verification
  • 24. Lean verification
    Proof annotations are part of the language
    Implicit generation of VCs for integrity preservation (absence of runtime errors)
    Most ARTE VCs proven automatically [1]
    Integration of theorem provers possible when needed
    Speed allows proofs to be part of the build process
    [1] With current wavefront, except "properties of constant records"
  • 25. Modelling the System
    (diagram: ASM Init → Initialize → VMX Enter → Subject / Subject / Subject)
  • 26. Modelling the System
    (diagram: ASM Init → Initialize → VMX Enter → Subjects; VMX Exit → Handler → VMX Enter)
  • 27. Modelling the System
    (diagram reduced to: Initialize, VMX Handler, Subjects)
  • 28. Modelling the System
    (diagram: Initialize and VMX Handler abstracted as Environment.Initialize and Environment.Run)
  • 29. Modelling the System
    (diagram: Initial Inv. on Initialize, Loop Inv. on the VMX Handler, Inv. + Env. Model on Environment.Initialize / Environment.Run)
  • 30. Future verification options
    Proof of complex properties
    Interaction with theorem provers
    Interface modelling (ghost state)
    Soundness of memory layout
    …
  • 31. Demo
    This presentation is given on a system running on Muen
  • 32. Current / Future Work
    Short-term: Prove additional properties; PCI-Configspace emulation; Time Virtualization
    Long-term: Functional correctness proofs; Windows Virtualization; Dynamic resource management
  • 33. Summary
    Secure software is limited in complexity
    Separation of untrusted components essential
    Muen provides a solid foundation for high assurance systems
    Muen is the base of complex high security solutions in development
    SPARK 2014 enables lean verification
    Formal verification can be done under commercial constraints
  • 34. Q & A / Discussion
    Get Muen at http://muen.sk/
  • 35. Intel Virtualization Technology
    VT-x is Intel's virtualization technology for the x86 platform
    Virtual Machine state is saved in a control structure (VMCS)
    Introduction of VMX root and non-root modes
    New processor instructions (VMX) to switch modes and manage the VMCS
    Hardware-assisted virtualization drastically reduces the complexity of the VMM
  • 36. Modelling the System
    (diagram: ASM Init → Initialize → VMX Enter → Subjects; VMX Exit → VMX Handler → VMX Enter; Interrupt → Exception Handler → STOP)
  • 37. Example property: Correct VMCS Address

        Environment.Initialize;
        SK.Kernel.Initialize (Subject_Registers);
        loop
           pragma Loop_Invariant
             (X86_64.Prf_VMPTR =
                Policy.Get_VMCS_Address (Get_Current_Minor_Frame.Subject_Id));
           Environment.Vmx_Run (Subject_Registers);
           SK.Scheduler.Handle_VMX_Exit (Subject_Registers);
        end loop;

  • 38. Example property: Correct VMCS Address

        procedure Handle_VMX_Exit (Subject_Registers : in out CPU_Regs_Type)
        with
           Global     => [...],
           Depends    => [...],
           Pre        => (X86_64.Prf_VMPTR =
                            Policy.Get_VMCS_Address (Get_Current_Minor_Frame.Subject_Id)),
           Post       => (X86_64.Prf_VMPTR =
                            Policy.Get_VMCS_Address (Get_Current_Minor_Frame.Subject_Id)),
           Export,
           Convention => C,
           Link_Name  => "handle_vmx_exit";
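The following is an added example and not Muen's own code: a self-contained SPARK 2014 model of the kernel main loop from slides 37 and 38, showing how the "correct VMCS address" property is carried as a loop invariant and as Pre/Post contracts on the exit handler, on top of the fixed cyclic scheduling plan of slides 19 and 20. The names Plan, Minor_Frame_Range, Current_Subject, VMPTR and the addresses returned by Get_VMCS_Address are constructed stand-ins for the real kernel's Policy, Get_Current_Minor_Frame and X86_64.Prf_VMPTR.

```ada
--  Added example (not Muen code). Models the scheduler state, the static
--  scheduling plan and the hardware VMCS pointer as plain variables so that
--  the invariant "the loaded VMCS belongs to the subject of the current
--  minor frame" can be stated and proven with GNATprove.
with Ada.Text_IO;

procedure Vmcs_Invariant_Demo with SPARK_Mode => On is

   type Subject_Id_Type   is range 0 .. 3;
   type Minor_Frame_Range is range 1 .. 4;
   type Address_Type      is mod 2 ** 64;

   --  Static scheduling plan (constructed): one major frame of four minor
   --  frames, each naming the subject that runs in it. Fixed at build time,
   --  so no dynamic allocation is needed (slides 17/18, 22).
   type Plan_Type is array (Minor_Frame_Range) of Subject_Id_Type;
   Plan : constant Plan_Type := (1 => 0, 2 => 1, 3 => 0, 4 => 2);

   --  Stand-in for Policy.Get_VMCS_Address: VMCS regions are allocated
   --  statically, so the lookup is a pure function of the subject id.
   function Get_VMCS_Address (Subject : Subject_Id_Type) return Address_Type
   is (16#1000# + Address_Type (Subject) * 16#1000#);

   --  Scheduler state and model of the processor's VMCS pointer
   --  (X86_64.Prf_VMPTR in the real kernel).
   Current_Minor_Frame : Minor_Frame_Range := Minor_Frame_Range'First;
   VMPTR               : Address_Type      := 0;

   --  Stand-in for Get_Current_Minor_Frame.Subject_Id.
   function Current_Subject return Subject_Id_Type
   is (Plan (Current_Minor_Frame))
   with Global => Current_Minor_Frame;

   --  Initial invariant (slide 29): establish the property before the loop.
   procedure Initialize
   with
      Global => (Output => (Current_Minor_Frame, VMPTR)),
      Post   => VMPTR = Get_VMCS_Address (Current_Subject)
   is
   begin
      Current_Minor_Frame := Minor_Frame_Range'First;
      VMPTR := Get_VMCS_Address (Current_Subject);
   end Initialize;

   --  Slide 38 contract: the handler may switch subjects, but on return the
   --  VMCS pointer must again match the policy for the current minor frame.
   procedure Handle_VMX_Exit
   with
      Global => (In_Out => (Current_Minor_Frame, VMPTR)),
      Pre    => VMPTR = Get_VMCS_Address (Current_Subject),
      Post   => VMPTR = Get_VMCS_Address (Current_Subject)
   is
   begin
      --  Fixed cyclic scheduling: step to the next minor frame and wrap at
      --  the end of the major frame. No preemption, no long code paths.
      if Current_Minor_Frame = Minor_Frame_Range'Last then
         Current_Minor_Frame := Minor_Frame_Range'First;
      else
         Current_Minor_Frame := Current_Minor_Frame + 1;
      end if;

      --  Re-establish the invariant for the new subject (the VMPTRLD step
      --  in the real kernel). Deleting this line makes Post unprovable,
      --  which is exactly the class of bug the contract is there to catch.
      VMPTR := Get_VMCS_Address (Current_Subject);
   end Handle_VMX_Exit;

begin
   Initialize;

   --  Main loop of slide 37. Environment.Vmx_Run is omitted because in this
   --  model the subject cannot change the scheduler state or VMPTR. The demo
   --  exits after one full major frame; the real kernel loops forever.
   loop
      pragma Loop_Invariant (VMPTR = Get_VMCS_Address (Current_Subject));

      Ada.Text_IO.Put_Line
        ("minor frame" & Minor_Frame_Range'Image (Current_Minor_Frame)
         & " subject"  & Subject_Id_Type'Image (Current_Subject)
         & " VMCS at"  & Address_Type'Image (VMPTR));

      Handle_VMX_Exit;
      exit when Current_Minor_Frame = Minor_Frame_Range'First;
   end loop;
end Vmcs_Invariant_Demo;
```

Running `gnatprove` on this file discharges the loop invariant and both contracts automatically; compiling with `gnatmake` and running it prints the four minor frames of the constructed plan with their VMCS addresses.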