Bear -- A Resilient Kernel for Tactical Missions

Author

Nichols, Charles ; Kanter, Morgon ; Taylor, Stephen

Author_Institution

Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA

fYear

2013

fDate

18-20 Nov. 2013

Firstpage

1416

Lastpage

1421

Abstract

This paper describes Bear, a clean-slate, resilient operating system design intended to support military applications on scalable multi-processors and in embedded systems. The system combines a minimalist micro-kernel with an associated hypervisor, and presents only a 120Kbyte attack surface on 64-bit x86 blade servers. MULTICS-like protections are strictly enforced through extended page tables and Intel VTx extensions. The design utilizes multiple, overlapping, nondeterministic techniques to continually re-establish trust. This is achieved by dynamically regenerating core components of the system. The cumulative effect of this design style is to increase attacker workload by denying surveillance and persistence over time-scales consistent with tactical operations. Unlike traditional approaches to computer security, no attempt is made to detect intrusions: instead, we focus on continually validating, preserving, and re-establishing the ability of a mission to proceed.

Keywords

computer network security; embedded systems; military communication; military computing; operating system kernels; Bear; Intel VTx extensions; MULTICS-like protections; attacker workload; computer security; embedded systems; minimalist micro-kernel; resilient kernel; resilient operating system design; scalable multiprocessors; tactical missions; word length 64 bit; x86 blade servers; Benchmark testing; Hardware; Kernel; Program processors; Surveillance; Virtual machine monitors; hypervisor; microkernel; resilience;

fLanguage

English

Publisher

ieee

Conference_Titel

Military Communications Conference, MILCOM 2013 - 2013 IEEE

Conference_Location

San Diego, CA

Type

conf

DOI

10.1109/MILCOM.2013.240

Filename

6735822