ABSTRACT
We explore the extent to which newly available CPU-based security technology can reduce the Trusted Computing Base (TCB) for security-sensitive applications. We find that although this new technology represents a step in the right direction, significant performance issues remain. We offer several suggestions that leverage existing processor technology, retain security, and improve performance. Implementing these recommendations will finally allow application developers to focus exclusively on the security of their own code, enabling it to execute in isolation from the numerous vulnerabilities in the underlying layers of legacy code.
Supplemental material for "How low can you go?: recommendations for hardware-supported minimal TCB code execution" is available for download.
How low can you go?: recommendations for hardware-supported minimal TCB code execution (ASPLOS '08)