One main design goal of EMSCB is the realization of a minimal and therefore manageable, stable and evaluable security kernel for conventional hardware platforms such as IBM-PCs, servers, embedded systems, and mobile devices like PDAs and smartphones. This requirement is fulfilled by moving only security-critical operations and data into the security kernel; everything else stays outside it. The resulting architecture is illustrated below:
The EMSCB security architecture includes the following abstraction layers:
Hardware: The hardware layer includes conventional hardware like a CPU, memory, and hardware devices. Moreover, the hardware layer provides trusted computing technology, e.g., a TPM.
Resource Management: The main task of the resource management layer is to provide an abstract interface to the underlying hardware resources such as interrupts, memory and hardware devices. Moreover, this layer allows these resources to be shared and enforces access control on the object types known to this layer.
Trusted Software: By efficiently combining the services provided by the hardware layer and the resource management layer, the trusted software layer (TSL) extends the interfaces of the underlying services with security properties and ensures isolation of the applications executed on top of this layer. Examples of security services are a secure user interface (trusted GUI, trusted path), secure booting, and mutually trusted storage.
Applications: On top of the trusted software layer, security-critical and non-critical applications are executed in parallel. Legacy operating systems can be executed as isolated applications on top of the trusted software layer; this provides end users with a familiar user interface and a backward-compatible application binary interface (ABI), and allows application providers to reuse existing non-critical applications and components.
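The following is an added example, not code from the EMSCB project, that models the four layers above in Python: a toy TPM (hardware layer) with one PCR and a sealing operation bound to it, a resource manager that enforces access control by object type, a trusted-storage service in the TSL that is the only compartment holding a TPM grant, and two applications (a security-critical "wallet" and a "legacy-os" compartment). It also walks through the secure-boot step: components are measured into the PCR, a secret sealed under the good boot chain can be unsealed after a clean reboot, and a boot chain with a modified TSL image yields a different PCR so the unseal is refused. All class and compartment names, the boot-chain images and the SHA-256 counter-mode stream cipher are constructed for illustration; a real TPM uses its own key hierarchy and symmetric primitives.

```python
import hashlib
import hmac
import os

# ---- Hardware layer: toy TPM with one PCR and a storage root key (SRK) ----
class ToyTPM:
    """Hypothetical TPM model: PCR extend plus seal/unseal bound to the PCR."""

    def __init__(self) -> None:
        self.pcr = bytes(32)          # PCR is all zeros after platform reset
        self._srk = os.urandom(32)    # SRK analogue: never leaves the "chip"

    def reset(self) -> None:          # platform reset clears PCRs, SRK survives
        self.pcr = bytes(32)

    def extend(self, measurement: bytes) -> bytes:
        # PCR := SHA-256(PCR || SHA-256(measurement)), the usual extend rule
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()
        return self.pcr

    def _key(self) -> bytes:
        # Sealing key depends on SRK *and* the PCR: a different boot chain
        # yields a different key, so the blob cannot be unsealed.
        return hmac.new(self._srk, self.pcr, hashlib.sha256).digest()

    def seal(self, data: bytes) -> bytes:
        key, nonce = self._key(), os.urandom(16)
        ct = _keystream_xor(key, nonce, data)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        key = self._key()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("platform state differs from the sealing state")
        return _keystream_xor(key, nonce, ct)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher, used only to keep the example
    dependency-free; it stands in for the TPM's real symmetric primitive."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# ---- Resource management layer: abstract resources, access control by object type ----
class ResourceManager:
    def __init__(self, tpm: ToyTPM) -> None:
        self._resources = {"tpm": tpm}
        self._acl: dict[str, set[str]] = {}   # compartment -> permitted object types

    def grant(self, compartment: str, object_type: str) -> None:
        self._acl.setdefault(compartment, set()).add(object_type)

    def acquire(self, compartment: str, object_type: str):
        if object_type not in self._acl.get(compartment, set()):
            raise PermissionError(f"{compartment} may not access {object_type}")
        return self._resources[object_type]


# ---- Trusted software layer: sealed storage with per-application isolation ----
class TrustedStorage:
    def __init__(self, rm: ResourceManager, compartment: str = "tsl") -> None:
        self._tpm = rm.acquire(compartment, "tpm")   # only the TSL holds the TPM grant
        self._blobs: dict[tuple[str, str], bytes] = {}

    def store(self, app: str, label: str, secret: bytes) -> None:
        self._blobs[(app, label)] = self._tpm.seal(secret)

    def load(self, app: str, label: str) -> bytes:
        if (app, label) not in self._blobs:       # namespaced: other apps' data is invisible
            raise KeyError(f"no object {label!r} for {app!r}")
        return self._tpm.unseal(self._blobs[(app, label)])


# ---- Secure boot: measure every component of the chain into the PCR ----
BOOT_CHAIN = [b"resource-manager v1", b"tsl v1"]              # constructed images
TAMPERED_CHAIN = [b"resource-manager v1", b"tsl v1 (patched)"]


def secure_boot(tpm: ToyTPM, components: list) -> bytes:
    tpm.reset()
    for image in components:
        tpm.extend(image)
    return tpm.pcr


def demo() -> dict:
    tpm = ToyTPM()
    secure_boot(tpm, BOOT_CHAIN)
    rm = ResourceManager(tpm)
    rm.grant("tsl", "tpm")                       # the TSL, and nobody else, may use the TPM
    tsl = TrustedStorage(rm)
    tsl.store("wallet", "signing-key", b"constructed secret")
    result = {"unsealed": tsl.load("wallet", "signing-key")}
    try:                                         # legacy OS asks for the TPM directly
        rm.acquire("legacy-os", "tpm")
        result["legacy_tpm_access"] = True
    except PermissionError:
        result["legacy_tpm_access"] = False
    secure_boot(tpm, BOOT_CHAIN)                 # clean reboot: same chain, same PCR
    result["after_clean_reboot"] = tsl.load("wallet", "signing-key")
    secure_boot(tpm, TAMPERED_CHAIN)             # modified TSL image: PCR differs
    try:
        tsl.load("wallet", "signing-key")
        result["after_tampered_boot"] = "unsealed"
    except PermissionError:
        result["after_tampered_boot"] = "refused"
    return result


if __name__ == "__main__":
    print(demo())
```

The design point the layering buys is visible in `demo()`: the legacy OS compartment never receives a TPM handle because the resource manager has no grant for it, the wallet's sealed object is addressed only through the TSL service, and a change to any measured component changes the PCR and therefore the key the blob was sealed under, so an altered trusted software layer cannot recover secrets sealed by the evaluated one.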