A SECURE RUNNING ENVIRONMENT FOR MULTIPLE PLATFORMS

Reijo M. Savola

Abstract

At present, the security critical operations of terminal devices are often being executed in the operating system, which may include security vulnerabilities due to implementation faults, for example. These vulnerabilities leave the system open to data leaks and attacks from viruses or other harmful programs. The European €-Confidential ITEA research project is developing device-independent, next-generation security solutions for software platforms. Critical operations are executed on a simple platform where the security operations are isolated in a separate module, which can be physically located in a terminal device or in a separate device such as a memory stick. This paper introduces a Secure Running Environment (SRE), in which the core security management of the platform is located. This contains sensible parts for the security of the operating system, middleware and applications. The security platform alone does not guarantee an adequate level of security. Security is a challenging and interdisciplinary field that demands holistic understanding, and validation of the realization of the security objectives and the solutions advancing them. The most common methods for security assurance are security analysis, security testing and security monitoring.

References

  1. €-Confidential Eureka ITEA Project Website www.iteaeconfidential.org, 2009
  2. Avižienis, A., Laprie, J.-C., Randell, B. and Landwehr, C. Basic Concepts and Taxonomy of Dependable and Secure Computing. In IEEE Tr. on Dependable and Secure Computing, Vol. 1, No. 1 Jan/Mar 2004, pp. 11-33.
  3. Devanbu, P. T. and Stubblebine, S. Security and Software Engineering: A Roadmap. In 22nd Int. Conf. of Software Engineering (ICSE), Limerick, Ireland, 2000.
  4. Firesmith, D. Specifying Reusable Security Requirements. In Journal of Object Technology, Vol. 3, No. 1, Jan/Feb 2004, pp. 61-75.
  5. ISO/IEC 15408. Common Criteria for Information Technology Security Evaluation, Version 2.2, 2004.
  6. Savola, R. A Framework for Security Modeling and Measurement. In IFIP TC 11.1 Annual Working Conference on Information Security Management, Richmond, Virginia, 2008.
  7. Savola, R., Röning, J., Sederholm, C., Heinonen, J., Uusitalo, I., Wieser, C., Mantere, M., Karppinen, K., Karinsalo, A., Karjalainen, K. Tietoturvaa kaikille raudoille (In Finnish, Information Security for all Platforms), Prosessori Magazine, No. 12/2008, pp. 30- 31.
Download


Paper Citation


in Harvard Style

M. Savola R. (2009). A SECURE RUNNING ENVIRONMENT FOR MULTIPLE PLATFORMS . In Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-674-010-8, pages 129-134. DOI: 10.5220/0002244201290134


in Bibtex Style

@conference{icsoft09,
author={Reijo M. Savola},
title={A SECURE RUNNING ENVIRONMENT FOR MULTIPLE PLATFORMS},
booktitle={Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT,},
year={2009},
pages={129-134},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002244201290134},
isbn={978-989-674-010-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT,
TI - A SECURE RUNNING ENVIRONMENT FOR MULTIPLE PLATFORMS
SN - 978-989-674-010-8
AU - M. Savola R.
PY - 2009
SP - 129
EP - 134
DO - 10.5220/0002244201290134