On Wed, Apr 13, 2011 at 10:01 PM, Matt Rice <[email protected]> wrote:
> nothing terribly important but food for thought
>
> so in attempting to port to cortex-A8 I inevitably let my mind wander
> to the question
> in what ways can we leverage the additional security extensions
> provided, "Trustzone"[1] || [2]
>
> unfortunately it doesn't seem to be a natural fit for capability systems,
> by splitting things into secure and insecure worlds, in some ways you
> could potentially avoid the need for
> attenuation, but you inevitably lose the ability to do fine-grained
> access control
> the ability to give secure access to one device,
> yet withhold it from another while providing 'non-secure' access.
This probably deserves a better explanation. What I mean is: say you have a keyboard driver; you can then attenuate this into a "non-exclusive keyboard capability" and an "exclusive keyboard capability". The exclusive keyboard capability then cuts off all non-exclusive access to the keyboard until some time.

With a direct mapping of the trustzone stuff to capabilities you could potentially hand out "keyboard capabilities" like candy, and hand out "secure" and "non-secure" capabilities that get passed to the keyboard capability; setting the device to secure mode then magically disables all insecure access, but it seems your granularity is limited to a single "secure bit". (My limited understanding of the domain protection model available in the mmu may mean this is more flexible than I believe, but still you are limited to 16 domains.)

> though, it could maybe be used in combination with attenuation,
> it'd have to be in ways which neither compromise nor tie us to this
> specific implementation.

And this would just add some extra assurance that should someone somehow get access to the keyboard location they'd need to also be running with a secure bit.

> If nothing else, it can be used as possibly intended,
> transparently and on top of a system oblivious to it.
>
> I guess I'm curious if anyone else has any thoughts/knows of research
> done on the subject.
> googling doesn't really seem to provide anything but marketing stuff.
>
> http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/index.html
> (pdf)
> http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf

_______________________________________________
CapROS-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/capros-devel
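The exclusive versus non-exclusive keyboard attenuation described in the message above, set beside a single TrustZone-style secure bit, as an added toy model that is not part of the thread or of CapROS; the class names, the mode strings and the key buffer are invented for illustration:

```python
# Added toy model, not CapROS code; class names, modes and the key buffer are invented.

class Keyboard:
    def __init__(self):
        self.exclusive_holder = None  # id of the cap currently holding exclusivity
        self.keys = ["k", "e", "y"]   # constructed sample input

class KeyboardCap:
    """Attenuable capability: only a full cap mints exclusive/nonexclusive caps."""
    _ids = 0
    def __init__(self, device, mode="full"):
        KeyboardCap._ids += 1
        self.id, self.device, self.mode = KeyboardCap._ids, device, mode
    def attenuate(self, mode):
        # A weaker cap can never escalate back to full or to the other mode.
        if self.mode != "full" or mode not in ("exclusive", "nonexclusive"):
            raise PermissionError("cannot derive %s from %s" % (mode, self.mode))
        return KeyboardCap(self.device, mode)
    def acquire(self):
        # The exclusive cap cuts every other holder off until release().
        if self.mode != "exclusive":
            raise PermissionError("only an exclusive cap may acquire")
        self.device.exclusive_holder = self.id
    def release(self):
        if self.device.exclusive_holder == self.id:
            self.device.exclusive_holder = None
    def read(self):
        holder = self.device.exclusive_holder
        return None if holder not in (None, self.id) else self.device.keys[0]

class SecureBitDevice:
    """TrustZone-style model: one secure bit on the device, one NS bit per caller."""
    def __init__(self, secure=False):
        self.secure = secure
    def read(self, caller_is_secure):
        # The only expressible policy: a secure device shuts out every non-secure
        # caller at once; two non-secure callers cannot be told apart.
        return "k" if (caller_is_secure or not self.secure) else None

def attenuation_demo():
    kb = Keyboard()
    full = KeyboardCap(kb)
    shell, prompt = full.attenuate("nonexclusive"), full.attenuate("exclusive")
    before = shell.read()
    prompt.acquire()           # a password prompt takes the keyboard
    during = shell.read()      # the shell's nonexclusive cap is cut off: None
    prompt.release()
    return before, during, shell.read()   # ("k", None, "k")
```

The capability model lets one exclusive holder shut out other holders of the same device while the full cap is never handed out; the secure-bit model can only distinguish secure from non-secure callers, which is the granularity limit the message points at.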
