Secure Componentization
Secure Componentization entails the ability to segment and distribute large and complex software into a number of simpler, isolated components, with explicit authorization of communication among them. Open Kernel Labs' OKL4 offers native lightweight execution environments to support fine-grained partitioning in order to increase the trustworthiness of embedded system software. A Secure Decomposition solution has the following characteristics:
- Software system components are isolated from one another in protected execution environments.
- Components can be constructed with a choice of granularity, from full virtual machines with guest operating systems to much lighter weight execution environments.
- Communication among components is explicitly authorized to improve implementation security.
- Decomposition of complex existing software can be done incrementally and to any extent appropriate for a given project.
OK Labs' Secure Decomposition solution is realized in the following products:
- OKL4: A high-performance system software platform built using cutting-edge microkernel technology, which provides trustworthy virtualization and Secure Decomposition capability for embedded systems.
- OK Linux: A pre-built and paravirtualized version of the Linux kernel and base libraries, ready to run as a guest OS under OKL4.
Planned near-term enhancements to OK Labs' existing support for Secure Decomposition include:
- Adding capability-based protection mechanisms, allowing authorization of communication among software components to be implemented.
- Enhancing the usability of OKL4 lightweight components, including the addition of support for POSIX threading, file systems, tracing, and message passing.