Enforcing Hardware-Assisted Integrity for Secure Transactions from Commodity Operating Systems

Abstract

In this project, we tried to solve the isolation problem from a different perspective. We still set up two OSes for the user. One is the trusted OS for secure transactions; the other is the untrusted OS for normal transactions. To overcome the drawbacks of the VMMs, we provide a firmware-assisted system, referred to as secure switching system, which allows users to switch between a trusted operating system and an untrusted operating system on the same machine with a short switching time. In our solution, we put a small number of relatively trusted applications in the trusted OS, and a large number of untrusted applications in another untrusted OS. Even if the untrusted OS has been compromised, it cannot affect the applications in the trusted OS. Our solution reduces the attack surface for secure transactions by establishing a tailored trustworthy space and enables secure transactions with very low switching time on commodity hardware platforms.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 17, 2015
Accession Number
ADA626068

Entities

People

  • Anup Ghosh
  • Christopher Greamo
  • Kun Sun

Tags

Communities of Interest

  • Energy and Power Technologies
  • Human Systems
  • Materials and Manufacturing Processes
  • Weapons Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Agreements
  • Computer Program Documentation
  • Computer Programs
  • Computers
  • Contracts
  • Department Of Defense
  • Device Drivers
  • Engineering
  • Firmware
  • Hypervisors
  • Kernels (Operating System)
  • Operating Systems
  • Patents
  • Serial Ports
  • Students
  • Virtual Machines

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.

Technology Areas

  • Space