A prototype B3 trusted X Window System

Epstein, Jeremy; McHugh, John; Pascale, Rita; Orman, Hilarie; Benson, G.; Martin, Charles R.; Marmor-Squires, A.; Danner, B.; Branstad, Martha

doi:10.1109/csac.1991.213019

Cited by 16 publications

(7 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, both works neglect restrictions in window management. Similarly, Epstein et al address security issues like weak authentication, unlimited sharing of X resources, between applications or overlapping windows in X11 [8] and propose mechanisms [7] to prevent them. However, they do not enforce permission based display access restrictions.…”

Section: Related Workmentioning

confidence: 99%

An access control concept for novel automotive HMI systems

Gansel

Schnitzer

Gilbeau-Hammoud

et al. 2014

Proceedings of the 19th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

The relevance of graphical functions in vehicular applications has increased significantly during the few last years. Modern cars are equipped with multiple displays used by different applications such as speedometer or navigation system. However, so far applications are restricted to using dedicated displays. In order to increase flexibility, the requirement of sharing displays between applications has emerged. Sharing displays leads to safety and security concerns since safety-critical applications as the dashboard warning lights share the same displays with uncritical or untrusted applications like the navigation system or third-party applications. To guarantee the safe and secure sharing of displays, we present a formal model for defining and controlling the access to display areas in this paper. We prove the validity of this model, and present a proof-of-concept implementation to demonstrate the feasibility of our concept.

show abstract

Section: Related Workmentioning

confidence: 99%

An access control concept for novel automotive HMI systems

Gansel

Schnitzer

Gilbeau-Hammoud

et al. 2014

Proceedings of the 19th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

show abstract

“…According to [17], the X11 Windowing System does not provide security. Trusted X [4] has been proposed to provide security for the X Windowing System targeting the requirements in TCSEC B3 (superseded by [13, ISO 15408-2]) but has not been certified. To provide isolation, an untrusted X server and a window manager is deployed for each security level which impacts scalability.…”

Section: Related Workmentioning

confidence: 99%

Towards Virtualization Concepts for Novel Automotive HMI Systems

Gansel

Schnitzer

Dürr

et al. 2013

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Many innovations in the automotive industry are based on electronics and software, which has led to a steady increase of electronic control units (ECU) in cars. This brought up serious scalability and complexity issues in terms of cost, installation space, and energy consumption. In order to tackle these problems, there is a strong interest to consolidate ECUs using virtualization technologies. However, current efforts largely neglect legal constraints and certification issues and the resulting technical requirements. In this paper, we focus on the consolidation of graphics hardware through virtualization, which received a lot of interest in the car industry due to the growing relevance of HMI systems such as head unit and instrument cluster in modern cars. First, we investigate relevant ISO standards and legal requirements and derive seven technical requirements for a virtualized automotive HMI system. Based on these requirements, we present the concept for a Virtualized Automotive Graphics System (VAGS ) that allows for the consolidation of mixed-criticality graphics ECUs.

show abstract

“…There have been different efforts to build trusted X. Epstein [13], [12], [11] and Woodward [42] describe different trusted X implementations. Picciotto [31] presents two approaches for implementing trusted cut and paste operation in X.…”

Section: Related Workmentioning

confidence: 99%

TrustGraph: Trusted Graphics Subsystem for High Assurance Systems

Okhravi

Nicol

2009

2009 Annual Computer Security Applications Conference

View full text Add to dashboard Cite

High assurance MILS and MLS systems require strict limitation of the interactions between different security compartments based on a security policy. Virtualization can be used to provide a high degree of separation in such systems. Even with perfect isolation, however, the I/O devices are shared between different security compartments. Among the I/O controllers, the graphics subsystem is the largest and the most complex. This paper describes the design and implementation of TrustGraph, a trusted graphics subsystem for high assurance systems. First, we explain the threats and attacks possible against an unsecured graphics subsystem. We then describe the design of TrustGraph, the security principles it is built upon, and its implementation. Finally, we verify our implementation through different levels of verification which include functionality testing for simple operations, attack testing for security mechanisms, and formal verification for the critical components of the implementation. An analysis of the graphics API covert channel attack is presented, its channel capacity is measured, and the capacity is reduced using the idea of fuzzy time.

show abstract

A prototype B3 trusted X Window System

Cited by 16 publications

References 1 publication

An access control concept for novel automotive HMI systems

An access control concept for novel automotive HMI systems

Towards Virtualization Concepts for Novel Automotive HMI Systems

TrustGraph: Trusted Graphics Subsystem for High Assurance Systems

Contact Info

Product

Resources

About