DOI: 10.1145/1352592.1352625
research-article

Flicker: an execution infrastructure for TCB minimization

Published: 01 April 2008

ABSTRACT

We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.

Published in

EuroSys '08: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
April 2008
346 pages
ISBN: 9781605580135
DOI: 10.1145/1352592

ACM SIGOPS Operating Systems Review, Volume 42, Issue 4
EuroSys '08
May 2008
321 pages
ISSN: 0163-5980
DOI: 10.1145/1357010

Copyright © 2008 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 241 of 1,308 submissions, 18%
