|Title||The use of mTags for mandatory security: a case study|
|Publication Type||Journal Article|
|Year of Publication||2014|
|Authors||Rehman, A., A. Oliveira, M. Tripunitara, and S. Fischmeister|
|Journal||Software: Practice and Experience|
|Keywords||microkernels, research, security|
|Full Text|| |
mTags is an efficient mechanism that augments inter-thread messages with lightweight metadata. We introduce and discuss a case study that we have conducted in the use of mTags for realizing a kind of mandatory security. Although mTags can be implemented for any message passing thread-based system, we consider an implementation of it in the POSIX-compliant QNX Neutrino, a commercial microkernel-based system. The approach to mandatory security that we adopt is Usable Mandatory Integrity Protection, which has been proposed in recent research. We call our adaptation of Usable Mandatory Integrity Protection using mTags, μMIP. We discuss the challenges we faced, and our design and implementation that overcomes these challenges. We discuss the performance of our implementation for well-established benchmarks. We conclude with the observation that mTags can be useful and practical to realize mandatory security in realistic systems.