Title :
Bear -- A Resilient Kernel for Tactical Missions
Author :
Nichols, Charles ; Kanter, Morgon ; Taylor, Stephen
Author_Institution :
Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
Abstract :
This paper describes Bear, a clean-slate, resilient operating system design intended to support military applications on scalable multi-processors and in embedded systems. The system combines a minimalist micro-kernel with an associated hypervisor, and presents only a 120Kbyte attack surface on 64-bit x86 blade servers. MULTICS-like protections are strictly enforced through extended page tables and Intel VTx extensions. The design utilizes multiple, overlapping, nondeterministic techniques to continually re-establish trust. This is achieved by dynamically regenerating core components of the system. The cumulative effect of this design style is to increase attacker workload by denying surveillance and persistence over time-scales consistent with tactical operations. Unlike traditional approaches to computer security, no attempt is made to detect intrusions: instead, we focus on continually validating, preserving, and re-establishing the ability of a mission to proceed.
Keywords :
computer network security; embedded systems; military communication; military computing; operating system kernels; Bear; Intel VTx extensions; MULTICS-like protections; attacker workload; computer security; embedded systems; minimalist micro-kernel; resilient kernel; resilient operating system design; scalable multiprocessors; tactical missions; word length 64 bit; x86 blade servers; Benchmark testing; Hardware; Kernel; Program processors; Surveillance; Virtual machine monitors; hypervisor; microkernel; resilience;
Conference_Title :
Military Communications Conference, MILCOM 2013 - 2013 IEEE
Conference_Location :
San Diego, CA
DOI :
10.1109/MILCOM.2013.240