Architectural Support for Containment-based Security [abstract] (PDF)
Hansen Zhang, Soumyadeep Ghosh, Jordan Fix, Sotiris Apostolakis, Stephen R. Beard, Nayana P. Nagendra, Taewook Oh, and David I. August
To Appear: Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), April 2019.
Software security techniques rely on correct execution by the hardware.
Securing hardware components has been challenging due to their complexity and
the proportionate attack surface they present during their design, manufacture,
deployment, and operation. Recognizing that external communication represents
one of the greatest threats to a systemâs security, this paper introduces the
TrustGuard containment architecture. TrustGuard contains malicious and
erroneous behavior using a relatively simple and pluggable gatekeeping hardware
component called the Sentry. The Sentry bridges a physical gap between the
untrusted system and its external interfaces. TrustGuard allows only
communication that results from the correct execution of trusted software,
thereby preventing the ill effects of actions by malicious hardware or software
from leaving the system. The simplicity and pluggability of the Sentry, which
is implemented in less than half the lines of code of a simple in-order
processor, enables additional measures to secure this root of trust, including
formal verification, supervised manufacture, and supply chain diversification
with less than a 15% impact on performance.