Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9813)

Abstract

The “kernel” model has been part of operating system architecture for decades, but upon closer inspection it clearly violates the principle of least required privilege. The kernel is a single entity which provides many services (memory management, interfacing to drivers, context switching, IPC) having no real relation to each other, and has the ability to observe or tamper with all state of the system. This work presents Antikernel, a novel operating system architecture consisting of both hardware and software components and designed to be fundamentally more secure than the state of the art. To make formal verification easier, and improve parallelism, the Antikernel system is highly modular and consists of many independent hardware state machines (one or more of which may be a general-purpose CPU running application or systems software) connected by a packet-switched network-on-chip (NoC). We create and verify an FPGA-based prototype of the system.

Keywords

Network on chip; System on chip; Security; Operating systems; Hardware accelerators

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. IOActive Inc., Seattle, USA
  2. Rensselaer Polytechnic Institute, Troy, USA