SecurityKernel

The crucial component for security in a computer system is the operating system. It controls the hardware resources and provides core services for all applications. The security of the operating system kernel itself and of the security services it offers is the basis for building secure, complex and networked IT infrastructures.

The TURAYA™ SecurityKernel is a security architecture that was developed according to the functional requirements of the Common Criteria. Its goal is to provide a small security platform, which is therefore comprehensible, stable and possible to validate.

It is designed to be cross-platform, covering the whole range of platforms from powerful server systems to laptops and PCs, to mobile devices like PDAs and smartphones. The TURAYA.SecurityKernel is a compact layer -- between the hardware and the application level -- which controls all critical hardware resources and can thus protect security-critical applications.

In addition to the security services, legacy operating systems (like Windows and Linux) are executed in virtual machines, which are controlled by the security kernel and provide the familiar working environment to the user. The TURAYA.SecurityKernel provides crucial security mechanisms like encryption, which can be employed by applications such as home banking, eGovernment and eCommerce:

Secure Boot

The Trusted Computing based hardware verifies the integrity of the system during the boot phase. This ensures that users (local users as well as remote users) are working with an untampered software and hardware configuration.

Isolation

User applications and services are exclusively executed within virtual machines on top of the security kernel and the security services. The security-critical functionality of the kernel is thus isolated from the applications, which effectively protects the system from being compromised by malware such as Trojan horses, viruses and worms.

Policy Enforcement

The virtual machines can only communicate with each other or with the hardware via the services offered by the security platform. The security kernel can thus govern these communications and enforce security policies.

Least Privilege

Every system service and driver has only the privileges it needs to fulfill its work. This prevents malicious or erroneous code from spreading over the whole system and compromising the overall security of the system.

Secure User Interface

All user interfaces are controlled by the Trusted Computing Base. A secure graphical user interface makes the authentication visible to the user and prevents phishing attacks and Trojan horses.

The TURAYA.SecurityKernel results from the Perseus project, which started in 2000 at Saarland University, and has been developed and maintained since 2002 by Sirrix AG in collaboration with the Horst Görtz Institute (HGI) of the Ruhr-University Bochum.
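The Secure Boot mechanism described above rests on Trusted Computing measured boot: each stage is hashed and folded into a platform register before it runs, so a single tampered stage changes the final value and fails the integrity check. The following is an added illustration of that principle, not code from TURAYA or Sirrix; the stage names, image contents and the single-register model are constructed for the example.

```python
import hashlib

# Constructed model of TPM-style measured boot (not TURAYA's own code).
# Each boot stage is measured (hashed) and the measurement is folded into
# a Platform Configuration Register (PCR) before the stage executes:
#     PCR_new = SHA-256(PCR_old || SHA-256(stage_image))
# The extend operation is one-way and order-dependent, so one tampered or
# reordered stage yields a final PCR that no longer matches the reference
# value recorded for the known-good configuration.

PCR_INITIAL = b"\x00" * 32  # PCRs start zeroed at power-on


def extend(pcr: bytes, image: bytes) -> bytes:
    """Fold the measurement of one boot stage into the PCR."""
    measurement = hashlib.sha256(image).digest()
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(stages):
    """Measure every stage in boot order and return the final PCR value."""
    pcr = PCR_INITIAL
    for _name, image in stages:
        pcr = extend(pcr, image)
    return pcr


def verify_boot(stages, expected_pcr: bytes) -> bool:
    """True only if the measured chain equals the known-good reference."""
    return measure_chain(stages) == expected_pcr


# Constructed stand-ins for the images a security-kernel stack would measure:
# bootloader, the kernel itself, its services, and a legacy-OS VM image.
GOOD_CHAIN = [
    ("bootloader", b"bootloader-v1"),
    ("security_kernel", b"security-kernel-v1"),
    ("security_services", b"security-services-v1"),
    ("legacy_os_vm", b"linux-vm-image-v1"),
]
# In a real deployment this reference value is recorded at provisioning time.
REFERENCE_PCR = measure_chain(GOOD_CHAIN)

# Same chain, but the legacy OS image has been modified.
TAMPERED_CHAIN = [
    (name, img if name != "legacy_os_vm" else b"linux-vm-image-v1-modified")
    for name, img in GOOD_CHAIN
]

if __name__ == "__main__":
    print("good chain verifies:    ", verify_boot(GOOD_CHAIN, REFERENCE_PCR))
    print("tampered chain verifies:", verify_boot(TAMPERED_CHAIN, REFERENCE_PCR))
```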