Scalable architectural support for trusted software

David Champagne, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

133 Scopus citations

Abstract

We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform.

Original languageEnglish (US)
Title of host publicationHPCA-16 2010 - The 16th International Symposium on High-Performance Computer Architecture
PublisherIEEE Computer Society
ISBN (Print)9781424456581
DOIs
StatePublished - 2010
Event16th International Symposium on High-Performance Computer Architecture, HPCA-16 2010 - Bangalore, India
Duration: Jan 9 2010Jan 14 2010

Publication series

NameProceedings - International Symposium on High-Performance Computer Architecture
ISSN (Print)1530-0897

Other

Other16th International Symposium on High-Performance Computer Architecture, HPCA-16 2010
Country/TerritoryIndia
CityBangalore
Period1/9/101/14/10

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'Scalable architectural support for trusted software'. Together they form a unique fingerprint.

Cite this