The trusted computing base of the PERSEUS security framework contains only a small number of security-critical components; all other, non-critical operating system services can be provided by the untrusted legacy operating system. Depending on the security services required, we expect the trusted computing base to comprise fewer than 100,000 lines of code.
Reduced Failure Probability: The PERSEUS security framework achieves high reliability and credibility through the reduced complexity of its security-relevant components. Lower complexity reduces the probability that errors are introduced during development and maintenance, which in turn increases the trustworthiness of the implementation.
Layered Design: The security framework follows a strictly layered design. Each layer, e.g., hardware, virtualization, and trusted software, implements an abstraction that depends only on the layers below it. This principle reduces the complexity of the overall architecture and allows each layer to be tested separately.
: Since the PERSEUS framework contains only elementary security services that are securely isolated from the other operating system services, these components are independent of new features and drivers introduced by higher-level services (e.g., the legacy operating system). We therefore expect only infrequent code changes to the security-critical components, so that they can become more stable over time.
Evaluation: The reduced complexity of the security-relevant components and the infrequency of code changes make an evaluation according to security standards, e.g., the Common Criteria, both feasible and efficient.