Abstract: Real-Time Operating Systems (RTOS) have emerged over the past few decades to provide valuable solutions across a variety of platforms, ranging from embedded devices up to sophisticated electronic systems such as nuclear plants and spacecraft. The development of these operating systems continues in order to meet the demands of the diverse applications that run on such platforms. Recently, a new component was introduced to provide security enhancement on the platform using Trusted Computing. The general idea of Trusted Computing is to provide a trusted environment in which the hardware and the software or application running on the platform behave as expected, without the need for further verification. The term "behave as expected" needs to be characterized in terms of operating system behaviours so that we can identify the new properties to add as references when developing or upgrading operating systems. Therefore, in this paper we present the characteristics of existing Real-Time Operating Systems and the extended properties or criteria needed to introduce a Trusted Real-Time Operating System (TRTOS). The purpose of this paper is to help researchers further investigate the need for TRTOSs and their variants across the diversity of user applications.
Keywords: trusted application; RTOS; TPM; trusted RTOS; real-time operating system; trusted platform module; trusted computing
Operating systems (OS) are often used for managing the complexity of computing resources and maximising computational input and output. This includes serving user applications with minimal requirements for the application to know the platform or its resources in depth. Most OSs are designed for a specific purpose based on the target platform or machine and the applications executing on that platform. Many OSs have been used across the globe, including Microsoft Windows, Linux, Mac, etc. However, each OS has a unique design and architecture used for a specific or general purpose. We can classify OSs into 4 categories: i) monolithic [1], ii) microkernel [2] or nanokernel [3, 12], iii) exokernel [4, 5], iv) hybrid [5].
We begin our discussion with some key definitions related to trusted computing (TC). The Trusted Computing Group (TCG) addresses "trust" based on an expected-response scheme, which means "an entity can be trusted if it always behaves in the expected manner for the intended purpose" [20]. Nevertheless, nowadays most platforms contaminated by malicious activity will try to act with the expected response in real time while carrying out their malicious activities [21]. Therefore, "trust" is a declaration by a well-known authority that the platform can be trusted to behave properly for the intended purpose. This authority is prepared to issue an endorsement (e.g. a credential or certificate) of the platform because it has already assessed the integrity of the platform. "Trust" is a complicated notion that has been studied and debated in different areas such as social science and the humanities as well as computer science [22].
Intel Corporation defined "Trusted" as "trusted denotes a successful measurement of the provided software module against a reference measurement that is protected by a hardware trusted platform module (e.g., TPM) and is pre-provisioned on the platform" [23]. In fact, trust is a fusion of several elements of the platform that span from enterprise to consumer, including reliability, safety, confidentiality, integrity, availability and privacy. However, a possible definition that allows "trust" to be quantified uses the notion of "trustworthy". "Trustworthy" is the degree to which the (security) behaviour of the component is demonstrably compliant with its declared functionality [24].
Defining trust so that it can be quantified is only the first order of things. It is necessary but not sufficient. Next is to clearly define "Trusted Process". It refers to "either a hardware-based or software-based process within the host platform that is trusted without the need for further inspection to perform as stated by the host platform certificate" (TCG PC Client, 2005). A trusted process is an important element of the trusted platform because it defines the basis on which a process in a system becomes trusted in a computing environment. The definition clearly spells out that a process can only be trusted if the platform is trusted, and a platform gains its trusted credential through the platform certificates issued by the platform makers.
There are at least two techniques that can be used for measuring the security of OSs: i) binary measurement and ii) property-based measurement. There are 3 major issues concerning binary measurement used for attestation: 1) revealing the platform configuration may lead to privacy abuse and discrimination against the underlying platform; 2) it requires the verifier to know all possible "trusted" configurations of all platforms; 3) it does not necessarily imply that the platform complies with the desired (security) properties during the attestation process, because a binary is a static value [26]. Normally, binary integrity measurement is obtained by applying a hashing algorithm (e.g., SHA1) to files such as kernels, libraries, executable files, etc. It is easy to implement but lacks flexibility when serving hot-updating platforms (such as Windows or Linux update). Property-based measurement is a technique that uses properties of the platform without exposing its identity during and after the attestation process. So, what are the properties? By definition, properties are dynamic measurements offered by the platform (e.g., client) to satisfy the verifier (e.g., server) based on certain security requirements of the party who asks for attestation. In favour of attestation, properties do not reveal the platform's software and hardware configuration [27]. Until now, researchers have still been unable to identify these properties and the mechanism to derive them for the attestation process.
OPERATING SYSTEM ARCHITECTURES
The monolithic kernel is normally packed with multiple modules, including the hardware abstraction layer (HAL), hardware drivers, kernel modules (e.g., scheduler, interrupt request (IRQ) handler, resource management, etc.), and high-priority applications, in a single large executable binary. This kind of design is suitable for less complex platforms such as embedded devices. However, there are many existing Linux-based OSs using a monolithic kernel, such as Debian, Fedora, Ubuntu and Redhat. They integrate some critical or core modules for the application by recompiling the kernel source code [6] for customization.
Fig. 1: Monolithic Architecture
The microkernel naturally consists of multiple modules with high cohesion, because interaction between modules is loosely coupled (e.g. a crashed module will not trouble other modules) [7]. Liedtke's principle in designing a microkernel: "a concept is tolerated inside the microkernel only if moving it outside the kernel, i.e. permitting competing implementations, would prevent implementation of the system's required functionality" [17]. What he means is that, to ensure the core kernel is very small, any module should be implemented outside the kernel space wherever possible. Normally, each kernel-space element such as the HAL, drivers, IRQ handling and the scheduling manager is separated into different modules or executable files. Each module recognizes the others through a standard interface (e.g., POSIX) using a very fast inter-process communication (IPC) interface. An early generation of microkernels such as Mach [8] and IBM's Workplace OS [9] encountered many problems during implementation because of poor design and performance degradation rooted in the IPC [2]. This happened because the hardware design of that time favoured monolithic OSs and also lacked hardware acceleration (e.g., context switch, registers, buses and DMA). Modern generations of microkernel such as Vamos [2] and L4 [10] have successfully improved on the problems of the earlier generation and have also added new security components into the kernel design, such as the Trusted Computing Base (TCB).
Fig. 2: Microkernel Architecture
The nanokernel, or for a while what was called the picokernel, is a term used at the initial stage of the microkernel. The nano or pico was used to represent control of the computer clock and the response time (precision timing) to a certain process or thread [3]. An example of a nanokernel is KeyOS, which has been used in the System/370, 680x0 and 88x0 processor families since 1983 [12]. The motivation for developing KeyOS was to achieve accounting accuracy, 24-hour uninterrupted service, and the ability to support concurrent, mutually suspicious time-sharing customers with an excellent level of security [12]. The main characteristics of the nanokernel are a stateless kernel, single-level store, and capabilities (objects in the system are referred to by one or more linked keys) [12]. However, in the past 15 years, people have referred to the nanokernel or picokernel as a microkernel, because emerging software and hardware have diminished the differences between these terms.
The exokernel was developed by MIT students [4] to accelerate the throughput of the hardware by allowing untrusted applications to utilize the hardware through low-level access to the physical hardware [5]. Meanwhile, it separates protection from management by dividing responsibilities differently, and in this it differs from the way conventional OSs work [4]. The exokernel provides a mechanism to access low-level resources using library operating systems (libOSes). The libOSes are unprivileged libraries that can be modified or replaced at will. Furthermore, these libraries offer virtual memory, file systems, networking, IPC, and processes (threading) for applications on top of these libraries to access [4, 5]. D. R. Engler [5] found that this OS architecture is efficient at securing the multiplexing of hardware resources at low level, and also that traditional operating system abstractions can be implemented efficiently at application level.
Fig. 3: Exokernel Architecture
The hybrid kernel is a mixture of kernel architectures to serve the numerous applications running on the same platform.
Several research communities call the hypervisor a hybrid kernel because the hypervisor provides multiple interfaces to support other kernels running on top of it. This hypervisor provides hardware abstraction and resource sharing between kernels. Examples of hybrid architectures are OKL4 [16], L4/Fiasco.OC [18, 19], L4 NOVA [19] and Citrix XenServer. These kernels or hypervisors are Type 1 (native or bare-metal) hypervisors that run directly on the host's hardware to control the hardware and to monitor guest kernels. There are also other designs of hybrid kernel, such as Windows Vista, BeOS [13], ReactOS [14] and Plan 9 [15], that use a combination of microkernel and monolithic kernel in their architecture. There are a few reasons why Windows is a hybrid kernel, and not merely a microkernel: i) the size of NTOSKRNL for Windows Vista SP3 is about 3.38 MB (monolithic); ii) core functions (or modules) such as first-level interrupt handling reside in NTOSKRNL (microkernel); iii) subsystems providing system services run in kernel mode rather than in user mode (monolithic); and iv) Windows Server with Hyper-V supports virtualization of OSs as guest OSs (hybrid).
Fig. 4: Hybrid Kernel (Hypervisor) Architecture
Fig. 5: Hybrid Kernel (Mono and Micro) Architecture
R. Sailer et al. [28] presented a design and prototype used for verifying a client platform using the Integrity Measurement Architecture (IMA) for Linux OS (monolithic). The main security design is to measure all executable content that is loaded into the kernel and user space before execution, and these measurements are protected in the TPM hardware. The second feature of their scheme was the use of a root of trust and a chain of trust based on TCG requirements. The measurement model is to measure any content from the BIOS all the way up into the application layer. They used a binary measurement scheme to identify integrity, i.e. whether the OS and its environment have been modified in an unauthorized manner. The IMA security design is to achieve the Clark-Wilson [29] level of integrity verification, covering verification scope, executable content, structured data and unstructured data, so that the challenger is able to ensure measurements are fresh, complete and unchanged. They modified the kernel with security hooks to measure when the first code is loaded into a process and to detect when changes happen by verifying against the original integrity.
Second, Z. Yanqin et al. [9] presented work on optimising VPN security gateways using Security Policy Database (SPD) configuration and key exchange, which are based on machine learning and Elliptic Curve Cryptography (ECC) [9, 10, 11]. This paper points out the key security areas: i) authentication to ensure packets are transmitted by a valid source and without alteration, ii) confidentiality to ensure no eavesdropping by encrypting the messages, and iii) key management to secure the key exchange process [9].
R. Sailer et al. [15] presented a design to verify client integrity properties and establish trust in the client's policy enforcement before allowing the client to have access to the corporate intranet. In their proposal, they used an integrity heartbeat enabling the VPN server to track changes in the remote client's security properties and to enforce policy changes at some stage in the attestation process.
J. Liu et al. [16] discussed a remote anonymous attestation protocol based on the ring signature. In their design, any public-key system such as RSA can be used to build the ring signature attestation protocol, and an RSA-based scheme is encouraged without the involvement of a third trusted party and the issuer of the TPM in the Join sub-protocol.
Finally, C. Nie [17] briefly illustrated the problem with attestation using a static root of trust to check the integrity of the platform. They proposed another solution using a dynamic root of trust provided by new CPU architectures such as Intel Trusted Execution Technology (Intel TXT).
Since 1999, Trusted Computing solutions have emerged to protect computing activities. However, the interface between the end user and the application (software) using the TPM is still inflexible and hard to implement. Application developers require deep trusted computing knowledge to enable them to design, code and test software. For instance, existing applications need to be changed or upgraded before applying the TPM functionality.
Methods & Solutions
This paper discusses a possible solution that will allow existing networking applications without TPM support to use TPM functionalities. It can be done using the concepts of a "trusted compartment" and "trusted services". Furthermore, this paper also discusses a possible way to improve networking software using the TNC protocol so that it performs secure and trusted remote attestation.
This paper discusses a method to enable existing networking software to use Trusted Computing solutions via attestation between applications without interfering with, tampering with or modifying the existing software (source code). Examples of applications that may use this method include VPN, Internet Explorer, Firefox and FTP, which use TCG's attestation mechanism between applications within a trusted compartment. To allow attestation, we recommend using machines with TPM hardware or a TPM Emulator to simulate the attestation process. We recommend that developers use the Infineon TPM 1.2 chip, because it is the only one on the market that stores the EK certificate in the TPM. Besides that, the Infineon TPM has also complied with TCG TPM 1.2 specification conformance testing. We could also use Mario Strasser's TPM Emulator to simulate TPM functionality in the Linux operating system, but it has a flaw: each emulator instance uses the same EK values and all PCRs are preset to blank, which means that we need to use TPM_Extend to supply some value for the attestation process. We also need to make minor changes in the source code.
Conclusion & Future Work
This paper presented a method to establish trusted applications wherein we use a trusted agent as a wrapper to allow non-TCG applications to use the TPM. Furthermore, we have also discussed a case study on the implementation of our proposal using a client-server application. In summary, we may use virtualization (compartments) to provide isolation and a secure environment before deploying trusted applications. For future work, we look forward to implementing our proposal in cloud computing.
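The following Python script is an added illustration, not code from the paper or from any TPM product, of the binary measurement scheme discussed above: SHA-1 digests of loaded files are recorded in a measurement log and folded into a PCR with TPM_Extend semantics, starting from an all-zero PCR as on a fresh emulator instance, and a verifier that knows the reference hashes replays the log. The file names and contents are constructed samples.

```python
import hashlib

# Constructed sample "executables" (name -> content), standing in for the
# kernel, libraries and binaries that IMA measures at load time.
SAMPLE_FILES = {
    "vmlinuz": b"kernel image v1",
    "libc.so": b"c library v1",
    "vpnclient": b"vpn client v1",
}

def measure(content: bytes) -> str:
    """Binary measurement: SHA-1 digest of the file, as in IMA / TPM 1.2."""
    return hashlib.sha1(content).hexdigest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend semantics: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def build_measurement_log(files: dict) -> tuple:
    """Platform side: measure each file before 'loading' it and extend a PCR.
    The PCR starts all-zero, as on a fresh TPM emulator instance."""
    pcr = bytes(20)
    log = []
    for name, content in files.items():
        digest = measure(content)
        log.append((name, digest))
        pcr = pcr_extend(pcr, bytes.fromhex(digest))
    return log, pcr

def verify(log: list, quoted_pcr: bytes, reference_db: dict) -> tuple:
    """Verifier side: replay the log into a PCR, compare with the quoted value,
    then check every entry against the known-good hashes it must already hold."""
    pcr = bytes(20)
    for _, digest in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest))
    if pcr != quoted_pcr:
        return False, "measurement log does not match PCR"
    unknown = [name for name, digest in log if reference_db.get(name) != digest]
    if unknown:
        return False, "unrecognized measurements: " + ", ".join(unknown)
    return True, "platform matches a known-good configuration"

if __name__ == "__main__":
    reference = {name: measure(content) for name, content in SAMPLE_FILES.items()}
    log, pcr = build_measurement_log(SAMPLE_FILES)
    print(verify(log, pcr, reference))
    # A hot-updated binary no longer matches the static reference hash.
    updated = dict(SAMPLE_FILES, vpnclient=b"vpn client v2")
    print(verify(*build_measurement_log(updated), reference))
```

The second run shows the flexibility problem noted earlier: any legitimate update changes the hash, so the verifier must be given every acceptable configuration in advance.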