Trusted computing bases (TCB), i.e. the set of components that have to be trusted for a specific (security) objective, have grown large. Especially their Software parts consist of tens of million lines of code if based on modern commodity operating systems.

We report on an ongoing effort to reduce the SW parts of TCBs. Key insights are that TCBs should be considered to be application-specific, can and should be based on isolated components and reuse legacy by splitting into critical and uncritical parts. The talk discusses security objectives, design principles, isolation alternatives (HLL vs VM vs Microkernels), and studies in detail VPFS, a file system implemented following these principles. We will also mention caveats and limitations for practical usages.

Hermann Haertig is Professor for Operating Systems at the TU Dresden, Germany. His current research is in the area of micro-kernel-based operating systems with emphasis on support for real-time, high-security and fault-tolerant systems. From 1984 to 1994 he was a researcher at the German National Research Center for Computer Science (GMD) where he lead the BirliX OS project that lead to the BirliX Security Architecture. Hermann Haertig  received his Ph.D at Karlsruhe University in 1984. In addition to his various permanent positions, Dr. Haertig has had extended stays at Berkeley, MIT, Hebrew Univ. in Jerusalem, University of New South Wales in Sydney, Australia, and Intel MRL.