Lecture 3 MOBILE PLATFORM SECURITY
|
|
- Ethel Mason
- 6 years ago
- Views:
Transcription
1 Lecture 3 MOBILE PLATFORM SECURITY
2 You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common general architecture? 2
3 Mobile platform security Recall classes of basic security techniques: isolation Permission-based access control signing Hardware-based security features 3
4 Ecosystem stakeholders Platform provider Developer Mobile device Marketplace operator Mobile operator manufacturer See also: Book section 2.1. User Administrator Think about threat models! 4
5 Modeling threats Identify Assets and trust assumptions Potential adversaries Adversary capabilities/limitations Possible attack vectors Cf. Software Security course 5
6 Ecosystem stakeholders Platform provider Developer Mobile device Marketplace operator Mobile operator manufacturer See also: Book section 2.1. User Administrator Think about threat models! 6
7 Mobile platform architecture Mobile Library Service Plugin Mobile Platform (OS) OS middleware OS kernel System services (Inter-process ) communication (IPC) resources System libraries Legend Mobile Platform Component Third-Party Software Component 7
8 Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software Isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality 8
9 Step 1a: Developer publishes an application Mobile Developer requests permissions for his application Platform Security Architecture Developer submits the application to a centralized marketplace Developer In some platforms the application can be directly sideloaded to the mobile device Centralized Marketplace Operator Auxiliary Marketplace Operator Role Legend Some platforms support auxiliary marketplaces 9
10 Step 1b: Marketplace signs the application Mobile In some platforms the developer signs the app package Platform Security Architecture Developer Marketplace provider checks the application (and requested permissions) and signs the app package Centralized Marketplace Operator Auxiliary Marketplace Operator Role Legend 10
11 Step 2: installation Installer consults local policy database about requested permissions Mobile Installer checks application signature and requested permissions Installer may prompt the user to accept some of the requested permissions User installer component needs integrity protection Platform Security Architecture Installer stores assigned application permissions Boot Verifier Boot Integrity Permission and policy Role databases need integrity protection Policy Database Secure Storage Provider Secure Storage Legend Platform Security Component Installer Database Hardware-Security Functionality Developer Centralized Marketplace Operator Auxiliary Marketplace Operator Mobile device receives an application installation package from a marketplace (or developer) 11
12 Step 3a: loading Mobile Loader attaches permissions to the started process User Platform Security Architecture Developer Policy Database Installer Centralized Marketplace Operator Boot Verifier Secure Storage Provider Database Loader Auxiliary Marketplace Operator Loader reads permissions from the permission database Loader component needs integrity protection Boot Integrity Role Secure Storage Platform Security Component Legend Third-Party Software Component Integrity of installed application binaries Hardware-Security Functionality 12
13 Step 3b: execution OS/HW isolate applications from one another at runtime Reference monitor checks permissions to control access to system resources Some applications need secure state (e.g., DRM) Mobile Platform Security Architecture Some applications Role need Policy s and platform Database Boot Integrity secrecy for their persistent storage Platform Security Component need to communicate with each other and HW Boot Verifier Third-party library Reference Monitor Secure Storage Provider Secure Storage Database Legend Legacy DAC Identification Third-party service IPC Third-Party Software Component Software Isolation Installer Loader Isolated Execution System service System library HW Security API Execution Protection Authentication Hardware-Security Functionality User Developer Centralized Marketplace Operator Auxiliary Marketplace Operator Some applications need device identification and authentication (e.g., provisioning) 13
14 Step 4: System updates Platform providers issue (signed) system updates System updater rewrites parts of system software Mobile Third-party library Platform Security Architecture Reference Monitor System updater verifies received update using policy database Third-party service IPC System service System library Software Isolation User Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Administrators may update device policies and applications Boot Integrity Secure Storage Identification Isolated Execution Authentication Role System updates need secure state to prevent rollbacks to previous system version Platform Security Component Legend Third-Party Software Component System updates may Hardware-Security need device Functionality identification 14
15 Recap: main techniques 4. Permission-based access control Platform Provider Administrator Mobile Platform Security Architecture System Updater Management Boot Verifier Third-party library Reference Monitor Secure Storage Provider Policy Database Database Third-party service IPC 3. Permission assignment Legacy DAC System service Installer Loader Execution Protection System library Software isolation 5. isolation HW Security API User Developer Centralized Marketplace Operator Auxiliary Marketplace Operator 1. Permission request 2. signing 6. API to system functionality (e.g. secure storage) Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality 15
16 Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Skip to other OSs Skip to Why Generalize? 16
17 Mobile platforms revisited Android ~2007 Java ME ~2001 feature phones : 3 billion devices! Not in smartphone platforms Symbian ~2004 First smartphone OS 17
18 Mobile platforms revisited ios ~2007 ip* devices; BSD-based MeeGo ~2010 Linux-based MSSF (security architecture) Windows Phone ~ Skip to Why Generalize? 18
19 Mobile Android Java/Dalvik/ART Library native User OS Middleware ActivityManagerService/ PackageManagerService Developer Platform Provider eg. Google System Updater Policy Database Installer Administrator Remote Management Loader Database Binder IPC Reference Monitor Execution Protection HW Security API (Java) Auxiliary Marketplace Operator Google Play and others Boot loader OS Kernel Legacy DAC Reference Monitor Binder IPC Execution Protection Boot Verifier (optional) SELinux MAC Reference Monitor Legacy IPC Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Android
20 Symbian First widely deployed smartphone OS EPOC OS for Psion devices (1990s) Microkernel architecture: OS components as user space services Accessed via inter-process communication (IPC) 20
21 Symbian Platform Security Introduced in ~2004 Apps distributed via Nokia Store Sideloading supported Permissions are called capabilities, fixed set (21) 4 Groups: User, System, Restricted, Manufacturer 21
22 Symbian Platform Security s identified by: UID from protected range, based on trusted code signature Or UID picked by developer from unprotected range Optionally, vendor ID (VID), based on trusted code signature 22
23 Mobile Symbian OS (C++) Shared Library (C++) Service (C++) User OS Middleware Platform Provider (Nokia) System Updater Policy Database Installer Service Database HW Security API Developer Centralized Marketplace Operator (Nokia Store) Boot loader Boot Verifier OS Kernel Reference Monitor Execution Protection IPC Software isolation Loader Boot Integrity Secure Storage Identification Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality Symbian
24 Apple ios Native application development in Objective C Web applications on Webkit Based on Darwin + TrustedBSD kernel extension TrustedBSD implements Mandatory Access Control Darwin also used in Mac OS X 24
25 ios Platform Security Apps distributed via itunes App Store One centralized signature authority Apple software vs. third party software Runtime protection All third-party software sandboxed with same profile Permissions: entitlements (post ios 6) Contextual permission prompts: e.g. location 25
26 Mobile ios Objective-C, C/C++ web Platform Provider Apple System Updater Policy Database Installer User Developer Administrator Apple Remote Management Database Loader Core OS Boot Verifier Reference Monitor (TrustedBSD MAC) Secure Storage Provider Execution Protection HW Security API (file system, key chain) Centralized Marketplace Operator Apple Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality ios
27 MeeGo Linux-based open source OS Intel, Nokia, Linux Foundation Evolved from Maemo and Moblin development in Qt/C++ Partially buried, but lives on Linux Foundation shifted to HTML5-based Tizen MeeGo -> Mer -> Jolla s Sailfish OS 27
28 MeeGo Platform Security Mobile Simplified Security Framework (MSSF) Permissions: resource tokens Enforced via Smack Apps identified by signatures from software sources Policy specifies privileges grantable by software sources 28
29 Mobile MSSF C/C++ Library C/C++ Plugin C/C++ Service C/C++ User OS Middleware Platform Provider System Updater Policy Database Database Installer Loader HW Security API (file system) Developer Boot loader Boot Verifier OS Kernel Smack MAC Reference Monitor IPC Secure Storage (Integrity) Provider (IMA/EVM) Legacy DAC Reference monitor Software isolation Execution Protection Auxiliary Marketplace Operator Boot Integrity Secure Storage Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality MSSF
30 Why Generalize? The General Problem 30
31 Model for platform security Four processes to protect: 1. Software deployment 2. installation 3. Runtime operation 4. Platform management Skip to Big Picture 31
32 1. Software deployment Developing and publishing Design choices: Distribution : centralized vs. decentralized App signing: certified vs. self-signed Developer Centralized Marketplace Operator Auxiliary Marketplace Operator 32
33 1. Software deployment Design choices: App identification: global vs. local Developer Centralized Marketplace Operator More design choices discussed in book chapter 4. Auxiliary Marketplace Operator 33
34 Software deployment Android ios MSSF Symbian Distribution model Multiple marketplaces, sideloading Centralized marketplace Multiple marketplaces, sideloading Centralized marketplace, limited sideloading signing Developer signature Centralized signature Marketplace and developer signature Centralized or developer signing: affects set of permissions identifier Package ID, local Linux UID for permissions ID 3-part ID: Marketplace - package - application ID, vendor ID 34
35 2. App installation Acquiring/installing a new app Design choices: Permission assignment: user vs. authority? Permission granularity? updates: same origin vs. centrally authorized? Policy Database Installer Database 35
36 App permissions Ask user? Install or use time? Automatic granting? Revocation? What about libraries? Symbian ios Android 36
37 App permissions Android ios MSSF Symbian Granularity Fine-grained Pre-defined profiles (ios6 entitlements) Assignment Ask user: presentation Ask user or app signature by group (11), install time & runtime (6.0) Fixed profile for all apps by name, runtime Fine-grained Marketplacespecific rights profiles Coarse-grained Ask user or centralized signature never ask by name (21), install time Both Android (> 6.0) and ios allow revocation of granted permissions 37
38 App permissions Runtime permission changes Android ios MSSF Symbian Changes in process permissions at runtime Pre 6.0: Constant (except URI permissions) > 6.0: User can change rights User can change rights Rights can increase by plugin loading, decrease by request Constant (library loading can fail) Permissions of libraries App s permissions App s permissions Union of app and library permissions App s permissions (library perms must be a superset) 38
39 App updates Who can update an app? Same-origin: same dev. key Trusted marketplace(s) Allow anyone Android ios MSSF Symbian Updates allowed if Same-origin: must match old version s developer key Centrally signed Marketplace s trust level high enough Protected? Same-origin; Unprotected? Anyone 39
40 3. Runtime operation Design choices: Permission enforcement: where? App data protection: how to secure storage? Reference Monitor IPC Database Loader Hardware support: Lecture 4 Secure Storage Provider Legacy DAC Execution Protection 40
41 Runtime operation Access control enforcement: where is reference monitor? Where is access control enforced? Android ios MSSF Symbian UID/GID-based in kernel + IPC access control in Binder + application code Centralized D-Bus framework + socket IPC in kernel + application code Reference monitor for IPC calls + application code 41
42 Protecting data & code s: isolation for data access Platform: executables (see later) Android ios MSSF Symbian data integrity Own directory and Linux access control Access to own directory only Permissionbased policies Own directory 42
43 4. Platform management Bootup, platform integrity, updates Design choices: Boot integrity: secure vs. authenticated? Platform Provider System Updater Policy Database Boot Verifier Administrator Management Database 43
44 Secure boot vs. authenticated boot OS Kernel checker pass/fail OS Kernel measurer Boot block checker pass/fail Boot block measurer Firmware checker pass/fail Firmware measurer state Secure boot Authenticated boot 44
45 Boot integrity Secure boot Only authorized images can be booted Authenticated boot Access levels depend on booted image Android ios MeeGo Symbian Platform boot integrity Vendor-specific, verified boot Secure boot Secure boot, authenticated boot Secure boot 45
46 Platform data integrity Android ios MeeGo Symbian Platform data integrity Linux A/C, SELinux, UIDbased sandboxing Dedicated directory, code signing enforcement Linux A/C, Smack, IMA, EVM Dedicated directory IMA: Integrity measurement architecture EVM: Extended validation module (see An Overview of The Linux Integrity Subsystem ) 46
47 The big picture Recurring common themes Permission-based security architectures VAX /VMS privileges (~1970 s): adapted for applications Code signing (mid 1990 s): adapted for application installation /process isolation 47
48 The big picture Different choices in the design space lead to different architectures Open issues remain: can you think of some? More in Lecture 6 48
49 Platform security architecture Mobile Third-party library Third-party service System service System library User Platform Security Architecture Reference Monitor IPC Software isolation Developer Platform Provider Administrator System Updater Management Boot Verifier Secure Storage Provider Policy Database Database Legacy DAC Installer Loader Execution Protection HW Security API Centralized Marketplace Operator Auxiliary Marketplace Operator Boot Integrity Secure Storage Identification Isolated Execution Authentication Legend Role Platform Security Component Third-Party Software Component Hardware-Security Functionality
50 Hardware platform security Trusted Execution Environment HW Security API Boot Integrity Secure Storage Identification Isolated Execution Authentication
51 What is a TEE? Processor, memory, storage, peripherals Trusted Execution Environment Isolated and integrity-protected Chances are that: You have devices with hardware-based TEEs in them! But you don t have (m)any apps using them From the normal execution environment (Rich Execution Environment) 51
52 TEE overview 1. Platform integrity ( boot integrity ) 2. Secure storage 3. Isolated execution 4. identification 5. authentication REE App App Mobile OS TEE Trusted app Mobile device hardware Trusted OS Trusted app Verification root Cryptographic mechanisms certificate Identity Boot sequence Platform integrity Volatile memory Trusted application TEE mgmt layer key K D Non-volatile memory Secure storage and isolated execution Base identity identification pub key PK D authentication More information in the 2014 IEEE S&P article 52
53 Secure boot vs. authenticated boot OS Kernel checker OS Kernel measurer Boot block checker pass/fail Boot block measurer Firmware checker pass/fail Firmware measurer state Secure boot Why? How will you implement a checker? - hardcode H(Boot block checker) as reference value in checker (in Firmware)? Why? Authenticated boot State can be: - bound to stored secrets (sealing) - reported to external verifier (remote 54 attestation)
54 Boot code certificate Boot code hash Mobile device hardware TCB Platform integrity Certified by device manufacturer: Sig SK (H(boot code)) M manufacturer public key: PK M Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Platform integrity Volatile memory Boot sequence Cryptographic mechanisms Launch boot code Verification root key K D Trusted Nonvolatile Stores measurements for (TA) authenticated boot memory TEE management Secure storage and isolated execution Base Signature identity verification algorithm identification 55
55 Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Mobile device hardware TCB Secure storage Sealed-data = AuthEnc K (data...) D Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) TEE management Insecure Storage key K D Nonvolatile memory Base identity Protected memory Rollback protection Encryption algorithm Platform integrity Secure storage identification 56
56 Isolated execution Certified by device manufacturer TA code certificate TA code hash Mobile device hardware TCB Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) key K D Nonvolatile memory Base identity Controls TA execution Platform integrity TEE management Secure storage and isolated execution identification TEE Entry from Rich Execution Environment 57
57 identification Multiple assigned identities (Certified by device manufacturer) Identity certificate Base identity Assigned identity Mobile device hardware TCB Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Platform integrity Volatile memory Boot sequence Verification root Cryptographic mechanisms Trusted (TA) TEE management key K D Nonvolatile memory Secure storage and isolated execution Base identity One fixed device identity identification 58
58 authentication (and remote Mobile device hardware TCB attestation) External trust root Legend Trust anchor (Hardware) Trust anchor (Code) TEE code External certificate Verification root Cryptographic mechanisms Volatile memory Boot sequence Sign system state in remote attestation Platform integrity Trusted (TA) TEE management key K D Nonvolatile Used to protect/derive memory signature key Secure storage and isolated execution certificate Identity public key PK D Issued by device manufacturer authentication 59
59 Hardware security mechanisms (recap) 1. Platform integrity Secure boot Authenticated boot Identity certificate 2. Secure storage 3. Isolated execution Trusted Execution Environment (TEE) 4. identification 5. authentication Remote attestation Base identity Assigned identity Boot code certificate Boot code hash TA code certificate TA code hash External trust root Mobile device hardware TCB Legend Trust anchor (Hardware) Verification root Cryptographic mechanisms certificate Identity Trust anchor (Code) TEE code External certificate Boot sequence Platform integrity Volatile memory Trusted application TEE mgmt layer key K D Non-volatile memory Secure storage and isolated execution Base identity identification pub key PK D authentication Launch boot code TEE Entry from Rich Execution Environment 60
60 Rich execution environment (REE) App TEE API OS TEE system architecture App Trusted execution environment (TEE) Trusted app TEE entry Trusted app TEE management layer hardware and firmware with TEE support Architectures with single TEE ARM TrustZone TI M-Shield Smart card Crypto co-processor Trusted Platform Module (TPM) Architectures with multiple TEEs Intel SGX TPM (and Late Launch ) Hypervisor Figure adapted from: Global Platform. TEE system architecture
61 Legend: SoC : system-on-chip OTP: one-time programmable TEE hardware realization alternatives TEE component External Peripherals Off-chip memory External Peripherals Off-chip Memory External Peripherals Off-chip Memory On-SoC On-SoC On-SoC RAM ROM Processor core(s) RAM ROM Processor core(s) RAM ROM Processor core(s) OTP Fields Internal peripherals OTP Fields Internal peripherals OTP Fields Internal peripherals On-chip Security Subsystem External Security Co-processor External Secure Element (TPM, smart card) Embedded Secure Element (smart card) Processor Secure Environment (TrustZone, M-Shield) Figure adapted from: Global Platform. TEE system architecture
62 Did you learn: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common general architecture? Contributors: Kari Kostiainen, N. Asokan, Sini Ruohomaa, Luca Davi, Ahmad-Reza Sadeghi 63
63 Plan for the course Lecture 1: Platform security basics Lecture 2: Case study Android Lecture 3: Mobile platform security Lecture 4: Hardware security enablers Lecture 5: Usability of platform security Extra lecture: IoT Security Invited lecture: SE Android policies Extra lecture: Machine learning and security Lecture 6: Summary and outlook 64
Embedded System Security Mobile Hardware Platform Security
1 Embedded System Security Mobile Hardware Platform Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2017 Acknowledgement This slide set
More informationMobile Platform Security Architectures A perspective on their evolution
Mobile Platform Security Architectures A perspective on their evolution N. Asokan CARDIS 2012 Graz, Austria November 29, 2012 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest
More informationEmbedded System Security Mobile Hardware Platform Security
1 Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2016 Acknowledgement This slide set is based on slides provided by
More informationOld, New, Borrowed, Blue: A Perspective on the Evolution of Mobile Platform Security Architectures
Old, New, Borrowed, Blue: A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan ACM CODASPY 11 Joint work with Kari Kostiainen, Elena Reshetova, Jan-Erik Ekberg Feb 22, 2011
More informationLecture Secure, Trusted and Trustworthy Computing Mobile Hardware Platform Security
1 Lecture Secure, Trusted and Trustworthy Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2015/2016 Overview General model for
More informationOn-board Credentials. N. Asokan Kari Kostiainen. Joint work with Jan-Erik Ekberg, Pekka Laitinen, Aarne Rantala (VTT)
On-board Credentials N. Asokan Kari Kostiainen Joint work with Jan-Erik Ekberg, Pekka Laitinen, Aarne Rantala (VTT) SPACE 2012 Chennai, India October 31, 2012 Outline On-board Credentials (ObCs): What
More informationLecture 2 PLATFORM SECURITY IN ANDROID OS
Lecture 2 PLATFORM SECURITY IN ANDROID OS You will be learning: Android as a software platform Internals and surrounding ecosystem Security techniques in Android: Application signing Application isolation
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationOn-board Credentials. N. Asokan Nokia Research Center, Helsinki. Joint work with Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Aarne Rantala (VTT)
On-board Credentials N. Asokan Nokia Research Center, Helsinki Joint work with Jan-Erik Ekberg, Kari Kostiainen, Pekka Laitinen, Aarne Rantala (VTT) Padova, July 2012 Outline On-board Credentials (ObCs):
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationTCG TPM2 Software Stack & Embedded Linux. Philip Tricca
TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda Background Security basics Terms TPM basics What it is / what it does Why this matters / specific features TPM Software
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationTrusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague
Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July 2017 -- IETF 99 th, Prague 2 What do we mean by security? Communication Security Aims
More informationSMART DEVICES: DO THEY RESPECT YOUR PRIVACY?
SMART DEVICES: DO THEY RESPECT YOUR PRIVACY? Systems and Mobile Research Lab, Department of Computer Science and Engineering INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Presenter: Sandip Chakraborty sandipc@cse.iitkgp.ac.in
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationLaying a Secure Foundation for Mobile Devices. Stephen Smalley Trusted Systems Research National Security Agency
Laying a Secure Foundation for Mobile Devices Stephen Smalley Trusted Systems Research National Security Agency Trusted Systems Research Conduct and sponsor research to provide information assurance for
More informationProvisioning secure Identity for Microcontroller based IoT Devices
Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationLinux Kernel Security Update LinuxCon Europe Berlin, 2016
Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com Introduction Who am I? Kernel security subsystem maintainer Started kernel development w/ FreeS/WAN in 1999
More informationLecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015
Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models
More informationTown Crier. Authenticated Data Feeds For Smart Contracts. CS5437 Lecture by Kyle Croman and Fan Zhang Mar 18, 2016
Town Crier Authenticated Data Feeds For Smart Contracts CS5437 Lecture by Kyle Croman and Fan Zhang Mar 18, 2016 Smart Contract Decentralized App: Programs are executed by all miners who reach consensus
More informationSIERRAWARE SIERRATEE FOR MIPS OMNISHIELD
SIERRAWARE SIERRATEE FOR MIPS OMNISHIELD Introduction SierraTEE for MIPS OmniShield is a Global Platform compliant Trusted Execution Environment (TEE) designed for devices based on Imagination Technologies'
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Senior Technical Marketing Manager Shenzhen / ARM Tech Forum / The Ritz-Carlton June 14, 2016 Agenda Introduction Security Foundations on Cortex-A
More information#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 02/06/14 Goals Understand principles of: Authenticated booting, diference to (closed) secure
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationBeyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
More informationIntelligent Terminal System Based on Trusted Platform Module
American Journal of Mobile Systems, Applications and Services Vol. 4, No. 3, 2018, pp. 13-18 http://www.aiscience.org/journal/ajmsas ISSN: 2471-7282 (Print); ISSN: 2471-7290 (Online) Intelligent Terminal
More informationLecture Embedded System Security Trusted Platform Module
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2015 Roadmap: TPM Introduction to TPM TPM architecture
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Roadmap: TPM
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationBinding keys to programs using Intel SGX remote attestation
Binding keys to programs using Intel SGX remote attestation Mark D. Ryan London Crypto Day 22 September 2017 1 Intel SGX Intel SGX is a set of processor instructions which allow one: To set up an enclave
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationHow I Learned to Stop Worrying and Love the Internet of Things
SESSION ID: SSC-W07 How I Learned to Stop Worrying and Love the Internet of Things Steven Sprague CEO Rivetz Corp @skswave The Big Shift Known Networks Ports Firewalls Packets SSL Known Devices Identity
More informationLinux Kernel Security Overview
Linux Kernel Security Overview Linux Security Summit Europe 2018 Edinburgh, UK James Morris jmorris@namei.org $ whoami Linux kernel security subsystem maintainer Linux kernel engineer at Microsoft Previously
More informationOP-TEE Using TrustZone to Protect Our Own Secrets
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde Slide 1 - http://www.pengutronix.de
More informationModule: Cloud Computing Security
Module: Computing Security Professor Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS)
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Introduction to Trusted Computing Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Summer Term 2017 Roadmap: Trusted Computing Motivation
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More informationMobile Trusted Computing
INVITED PAPER Mobile Trusted Computing This paper surveys the trusted computing features in mobile computing platforms. By N. Asokan, Jan-Erik Ekberg, Kari Kostiainen, Anand Rajan, Carlos Rozas, Ahmad-Reza
More informationOperating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008
Operating System Security, Continued CS 136 Computer Security Peter Reiher January 29, 2008 Page 1 Outline Designing secure operating systems Assuring OS security TPM and trusted computing Page 2 Desired
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2017/18 Roadmap: TPM
More informationGoogle on BeyondCorp: Empowering employees with security for the cloud era
SESSION ID: EXP-F02 Google on BeyondCorp: Empowering employees with security for the cloud era Jennifer Lin Director, Product Management, Security & Privacy Google Cloud What is BeyondCorp? Enterprise
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More informationApplications of Attestation:
Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC
More informationGlobalPlatform Trusted Execution Environment (TEE) for Mobile
GlobalPlatform Trusted Execution Environment (TEE) for Mobile Kevin Gillick Executive Director, GlobalPlatform @GlobalPlatform_ www.linkedin.com/company/globalplatform GlobalPlatform Overview GlobalPlatform
More informationEDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC
EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 30/05/11 Goals Understand principles of: Authenticated booting The difference to (closed) secure
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationHow to protect Automotive systems with ARM Security Architecture
How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2007 Goals Understand: authenticated booting the difference
More informationFacing the Reality: Virtualization in a Microkernelbased Operating System. Matthias Lange, MOS, January 26th, 2016
Facing the Reality: Virtualization in a Microkernelbased Operating System Matthias Lange, MOS, January 26th, 2016 matthias.lange@kernkonzept.com Today's take aways Microkernel systems are used to build
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationLecture 9. PSiOS: Bring Your Own Privacy & Security to ios Devices. Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi and Thorsten Holz
Lecture 9 PSiOS: Bring Your Own Privacy & Security to ios Devices Tim Werthmann, Ralf Hund, Lucas Davi, Ahmad-Reza Sadeghi and Thorsten Holz Operating Systems Practical December 3, 2014 OSP Lecture 9,
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2009 Goals Understand principles of: authenticated booting the
More informationCIS 4360 Secure Computer Systems Secured System Boot
CIS 4360 Secure Computer Systems Secured System Boot Professor Qiang Zeng Spring 2017 Previous Class Attacks against System Boot Bootkit Evil Maid Attack Bios-kit Attacks against RAM DMA Attack Cold Boot
More informationTrusted Platform for Mobile Devices: Challenges and Solutions
Trusted Platform for Mobile Devices: Challenges and Solutions Lily Chen Motorola Inc. May 13, 2005 Outline Introduction Challenges for a trusted platform Current solutions Standard activities Summary New
More informationThe Next Steps in the Evolution of Embedded Processors
The Next Steps in the Evolution of Embedded Processors Terry Kim Staff FAE, ARM Korea ARM Tech Forum Singapore July 12 th 2017 Cortex-M Processors Serving Connected Applications Energy grid Automotive
More informationMobile Middleware Course. Mobile Platforms and Middleware. Sasu Tarkoma
Mobile Middleware Course Mobile Platforms and Middleware Sasu Tarkoma Role of Software and Algorithms Software has an increasingly important role in mobile devices Increase in device capabilities Interaction
More informationCIS 4360 Secure Computer Systems SGX
CIS 4360 Secure Computer Systems SGX Professor Qiang Zeng Spring 2017 Some slides are stolen from Intel docs Previous Class UEFI Secure Boot Windows s Trusted Boot Intel s Trusted Boot CIS 4360 Secure
More informationSurviving in the wilderness integrity protection and system update. Patrick Ohly, Intel Open Source Technology Center Preliminary version
Surviving in the wilderness integrity protection and system update Patrick Ohly, Intel Open Source Technology Center Preliminary version Motivation for the talk Why bother? Why yet another talk? What s
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 25 - Virtual machine security December 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Implementation and Results Experimental Platform Exact specification
More informationThe Future of Security is in Open Silicon Linux Security Summit 2018
The Future of Security is in Open Silicon Linux Security Summit 2018 Joel Wittenauer - Embedded Software Architect Rambus Cryptography Research August 28, 2018 Agenda About Rambus Cryptography Research
More informationCreating a Practical Security Architecture Based on sel4
Creating a Practical Security Architecture Based on sel4 Xinming (Simon) Ou University of South Florida (many slides borrowed/adapted from my student Daniel Wang) 1 Questions for sel4 Community Is there
More informationBuilding Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal Devices OpenIT - 07.03.2014 by Javier González Javier González - jgon@itu.dk Philippe Bonnet - phbo@itu.dk Digital Society Distrust Users Personal Information! Information
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationBeyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited
Beyond TrustZone PSA Rob Coombs Security Director Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 1 Operating System Quandary Q: What is the primary goal of
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More information2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
More informationIoT It s All About Security
IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds
More informationSecurity of Embedded Systems
Security of Embedded Systems Matthias Schunter, Intel Labs, Ahmad Sadeghi, TU Darmstadt + Teams (F. Brasser, L. Davi, P. Koeberl, S. Schulz, et. al.) 1 2015 Intel Corporation What is an Embedded System?
More informationIntel s s Security Vision for Xen
Intel s s Security Vision for Xen Carlos Rozas Intel Corporation Xen Summit April 7-8, 7 2005 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS
More informationAndroid: A Security Analysis
Mythbusters! Security means different things to different people! Closed source more secure than open source! Security could be achieved by obscurity! Software-only security is good [enough]! Security
More informationDelivering High-mix, High-volume Secure Manufacturing in the Distribution Channel
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1
More informationSecuring the System with TrustZone Ready Program Securing your Digital World. Secure Services Division
Securing the System with TrustZone Ready Program Securing your Digital World Secure Services Division 1 ARM Secure Services Division Established in Q4 2010 To enable a market for secure applications and
More informationA Proposed Standard for Entity Attestation draft-mandyam-eat-00. Laurence Lundblade. November 2018
A Proposed Standard for Entity Attestation draft-mandyam-eat-00 Laurence Lundblade November 2018 1 EAT Overall System Entity (e.g., Chip, Device ) Immutable private key for signing. Stored securely on
More informationCSE543 - Computer and Network Security Module: Virtualization
CSE543 - Computer and Network Security Module: Virtualization Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Operating System Quandary Q: What is the primary goal of system
More informationTrusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum
Trusted Virtual Domains: Towards Trustworthy Distributed Services Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum The Main Motivation Trustworthy Distributed Computing Selected Applications..
More informationWindows IoT Security. Jackie Chang Sr. Program Manager
Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport
More informationUnicorn: Two- Factor Attestation for Data Security
ACM CCS - Oct. 18, 2011 Unicorn: Two- Factor Attestation for Data Security M. Mannan Concordia University, Canada B. Kim, A. Ganjali & D. Lie University of Toronto, Canada 1 Unicorn target systems q High
More informationDate: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.
Date: 13 June 2018 @qualcomm Location: Sophia Antipolis Integrating the SIM Dr. Adrian Escott Qualcomm Technologies, Inc. Agenda 1 2 3 4 5 6 Path to isim isim Size benefit Hardware Architecture Certification
More informationBig and Bright - Security
Big and Bright - Security Big and Bright Security Embedded Tech Trends 2018 Does this mean: Everything is Big and Bright our security is 100% effective? or There are Big security concerns but Bright solutions?
More informationTrusted Computing and O/S Security
Computer Security Spring 2008 Trusted Computing and O/S Security Aggelos Kiayias University of Connecticut O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationCLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.
CLASS AGENDA INTEL SGX OVERVIEW... DEVELOPER TOOLKIT... DEVELOPING FOR INTEL SGX... BREAK FOR LUNCH... PROVISIONING SECRETS... DATA SEALING...... 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00
More informationSecure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria WIMA 2012 NFC Research Track 11 April 2012, Monaco
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationFour Components of a Computer System
Four Components of a Computer System Operating System Concepts Essentials 2nd Edition 1.1 Silberschatz, Galvin and Gagne 2013 Operating System Definition OS is a resource allocator Manages all resources
More information