Tiered Trust for Useful Embedded Systems Security

Hudson Ayers, Prabal Dutta, Philip Levis, Amit Levy, Pat Pannuto, Johnathan Van Why, Jean Luc Watson

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Traditional embedded systems rely on custom C code deployed in a monolithic firmware image. In these systems, all code must be trusted completely, as any code can directly modify memory or hardware registers. More recently, some embedded OSes have improved security by separating userspace applications from the kernel, using strong hardware isolation in the form of a memory protection unit (MPU). Unfortunately, this design requires either a large trusted computing base (TCB) containing all OS services, or moving many OS services into userspace. The large TCB approach offers no protection against seemingly-correct backdoored code, discouraging the use of kernel code produced by others and complicating security audits. OS services in userspace come at a cost to usability and efficiency. We posit that a model enabling two tiers of trust for kernel code is better suited to modern embedded software practices. In this paper, we present the threat model of the Tock Operating System, which is based on this idea. We compare this threat model to existing security approaches, and show how it provides useful guarantees to different stakeholders.

Original languageEnglish (US)
Title of host publicationEuroSec 2022 - Proceedings of the 15th European Workshop on Systems Security
PublisherAssociation for Computing Machinery, Inc
Number of pages7
ISBN (Electronic)9781450392556
StatePublished - Apr 5 2022
Externally publishedYes
Event15th European Workshop on Systems Security, EuroSec 2022 - Virtual, Online, France
Duration: Apr 5 2022Apr 8 2022

Publication series

NameEuroSec 2022 - Proceedings of the 15th European Workshop on Systems Security


Conference15th European Workshop on Systems Security, EuroSec 2022
CityVirtual, Online

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering


  • IoT
  • embedded systems
  • operating systems
  • security


Dive into the research topics of 'Tiered Trust for Useful Embedded Systems Security'. Together they form a unique fingerprint.

Cite this