A Lightweight Trusted Architecture and Service Mechanisms based on SylixOS.

With the advent of the Internet of Things (IoT), more and more embedded systems have been becoming networked and autonomous, however, which also brings a serious challenge to security. After analyzing the theory about trusted computing and dependable characteristics of embedded systems, in this paper, a lightweight trusted architecture has been studied, and further, several service mechanisms are proposed. In this architecture, trusted software base with whitelists is firstly established as the key foundation. On this basis, two main mechanisms: identity authentication of legal tasks and permission management of legal tasks, are designed for guaranteeing the running-time trust of an embedded system. Through the previous mechanism, any illegal task could be detected and prohibited in real-time. And via the latter, the behavior of any legal task could be restricted in the right range during its running. Finally, all these designs have been implemented within SylixOS as lightweight trusted services, and further, verified with several typical test cases we designed. In general, the thought of this work can also be a general and feasible reference for the development of trusted embedded systems running in a networked environment.