Source:
The 16th IEEE International Symposium on High-Performance Computer Architecture (HPCA), Bangalore, India (2010)
Abstract:
We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform.
Notes:
Nominated for Best Paper Award.