Secure Portable Execution Environments: A Review of Available Technologies

Document Type

Conference Proceeding


Faculty of Health, Engineering and Science


School of Computer and Security Science


James, P. (2008). Secure Portable Execution Environments: A Review of Available Technologies. Paper presented at the Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2008.


Live operating systems and virtualisation allow a known, defined, safe and secure execution environment to be loaded in to a PC’s memory and executed with either minimal or possibly no reliance on the PC’s internal hard disk drive. The ability to boot a live operating system or load a virtual environment (containing an operating system) from a USB storage device allows a secure portable execution environment to be created. Portable execution environments have typically been used by technologists, for example to recover data from a failing PC internal hard disk drive or to perform forensic analysis. However, with the commercial potential of portable execution environments becoming realised the requirement for such environments to be secure is becoming increasingly important. To be considered truly secure a portable execution environment should require authentication prior to loading the executing environment (from the USB mass storage device) and provide full encryption of the whole mass storage device. This paper discusses the outcomes from building four portable execution environments, using commercially available and/or freeware technologies. An overview is given of the emerging commercial requirement for secure portable USB execution environments, the security threats addressed and research performed in the area. The technologies and products considered in the review are outlined together with rationale behind the selection. The findings from the implementation of the four portable execution environments are discussed including successes, failures and difficulties encountered. A set of security requirements is defined which is used to gauge the effectiveness of each of the four environments.



Access Rights




Link to publisher version (DOI)