FIDES: an advanced chip multiprocessor platform for secure next generation mobile terminals

2005 
We propose a secure platform on a chip multiprocessor, known as FIDES, to enable next-generation mobile terminals to execute downloaded native applications for Linux. Its most important feature is higher security based on multi-grained separation mechanisms: coarse-grained processor-level separation of the basic-function domain from other domains for such downloaded applications, medium-grained OS-level separation, and fine-grained process-level separation within SELinux. Four new technologies, which include three enhancements to SELinux, support the FIDES platform: 1) bus filter logic for processor-level separation, which can be implemented as a small logic block, 2) XIP kernels for memory-efficient OS-level separation, which can reduce memory requirements by 182%, 3) policy separation for enhanced process-level separation, which can apply policies 2.1 times faster at system boot-up, and 4) dynamic access control, which can provide secure Inter-Domain Communications (IDCs) with an overhead of only 4% for IDC system calls. We implemented SELinuxes on an ARM-based multiprocessor. Therefore, the best-suited platform to secure next-generation mobile terminals is the FIDES platform, which can provide higher security as well as higher performance and lower power consumption on chip multiprocessors, which lead the current technology trend in microprocessors.