DocumentCode :
3522919
Title :
Scalable architectural support for trusted software
Author :
Champagne, David ; Lee, Ruby B.
fYear :
2010
fDate :
9-14 Jan. 2010
Firstpage :
1
Lastpage :
12
Abstract :
We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform.
Keywords :
microprocessor chips; safety-critical software; secure storage; software architecture; Bastion; OpenSPARC platform; enhanced hypervisor software; enhanced microprocessor hardware; fine grained memory compartment; hardware-software architecture; scalable architectural support; secure persistent storage; security critical software modules; trusted software; Application software; Computer architecture; Hardware; Information security; Microprocessors; Operating systems; Protection; Scalability; Virtual machine monitors; Virtual machining;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
High Performance Computer Architecture (HPCA), 2010 IEEE 16th International Symposium on
Conference_Location :
Bangalore
ISSN :
1530-0897
Print_ISBN :
978-1-4244-5658-1
Type :
conf
DOI :
10.1109/HPCA.2010.5416657
Filename :
5416657
Link To Document :