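% Champagne and Lee, "Scalable architectural support for trusted software" (HPCA-16, 2010): the Bastion paper.
% The citation key is kept exactly as exported so that existing \cite commands still resolve.
% The abstract is the authors' own summary; its "first architecture" and TPM-comparison claims are theirs.
% NOTE(review): `address` holds a country rather than a publisher city, and the conference dates in
% `note` read as day-month-year (09-01-2010 = 9 January 2010); confirm both against the proceedings.
@inproceedings{ec2dfafe92f9492eae88024f96bf1476,
  author    = {Champagne, David and Lee, Ruby B.},
  title     = {Scalable architectural support for trusted software},
  booktitle = {{HPCA-16} 2010 - The 16th International Symposium on High-Performance Computer Architecture},
  series    = {Proceedings - International Symposium on High-Performance Computer Architecture},
  publisher = {IEEE Computer Society},
  address   = {United States},
  year      = {2010},
  isbn      = {9781424456581},
  doi       = {10.1109/hpca.2010.5416657},
  language  = {English (US)},
  note      = {16th International Symposium on High-Performance Computer Architecture, HPCA-16 2010 ; Conference date: 09-01-2010 Through 14-01-2010},
  abstract  = {We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform.},
}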