Secure execution environment for critical applications in embedded systems based on Elbrus family computing facilities

Abstract

The problems of security computing are becoming increasingly relevant in connection with the integration of systems into a unified global Internet. Elbrus secure computing technology allows protecting the system from the internal program errors as well as external threats. The article describes the hardware and software components of a secure execution environment for critical applications in embedded systems based on computing means of the Elbrus family. The authors describe the basis of the Elbrus secure computing concept - the idea of a descriptor and external tags. They consider the revision of the main parts of the C language library and the kernel of the Linux operating system necessary for the implementation of this environment. The study investigates the issue of passing parameters to system calls from applications running in a secure environment. For such applications, the authors consider the process of dynamic binding of the modules loaded into memory. The method for detecting cases of the use of hung links due to the use of descriptors and external tags is presented in relation to the mechanism of orders and the release of dynamic memory. The authors suggest the container virtualization technology to detect memory leaks in a safe execution environment.