Reference:
In the 19th Symposium on Operating System Principles (SOSP 2003).
Abstract:
We present a flexible architecture for trusted computing, called
Terra, that allows applications with a wide range of security
requirements to run simultaneously on commodity hardware.
Applications on Terra enjoy the semantics of running on a separate,
dedicated, tamper-resistant hardware platform, while retaining the
ability to run side-by-side with normal applications on a
general-purpose computing platform. Terra achieves this synthesis
by use of a trusted virtual machine monitor (TVMM) that
partitions a tamper-resistant hardware platform into multiple,
isolated virtual machines (VM), providing the appearance of
multiple boxes on a single, general-purpose platform. To each VM,
the TVMM provides the semantics of either an "open box," i.e. a
general-purpose hardware platform like today's PCs and
workstations, or a "closed box," an opaque special-purpose
platform that protects the privacy and integrity of its contents
like today's game consoles and cellular phones. The software stack
in each VM can be tailored from the hardware interface up to meet
the security requirements of its application(s). The hardware and
TVMM can act as a trusted party to allow closed-box VMs to
cryptographically identify the software they run, i.e. what is in
the box, to remote parties. We explore the strengths and
limitations of this architecture by describing our prototype
implementation and several applications that we developed for it.
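The attestation path the abstract sketches (the hardware vouches for the TVMM it booted, and the TVMM then tells a remote party what software a closed-box VM is running) can be modelled end to end. The following Go program is an added illustration and is not code from the Terra paper or its prototype: the two-level certificate chain, the message encodings, the nonce binding, and the use of a SHA-256 hash of the VM image as its "measurement" are all assumptions made for the example, and the verifier's trusted-hash lists stand in for whatever policy a real remote party would apply.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Measurement is the SHA-256 digest of a software image (assumed stand-in
// for whatever hash a TVMM would take of a VM's boot/disk image).
type Measurement [32]byte

func Measure(image []byte) Measurement { return sha256.Sum256(image) }

// Certificate: a lower layer vouches for the public key and measurement of
// the layer above it (here: hardware -> TVMM).
type Certificate struct {
	Subject     ed25519.PublicKey
	Measurement Measurement
	Signature   []byte // issuer's signature over certBody
}

func certBody(subject ed25519.PublicKey, m Measurement) []byte {
	return bytes.Join([][]byte{[]byte("terra-cert"), subject, m[:]}, []byte{0})
}

func Issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey, m Measurement) Certificate {
	return Certificate{subject, m, ed25519.Sign(issuer, certBody(subject, m))}
}

// Attestation: the TVMM's signed statement of what a closed-box VM runs,
// bound to a verifier-chosen nonce so an old statement cannot be replayed.
type Attestation struct {
	VM        Measurement
	Nonce     []byte
	Signature []byte
}

func attestBody(m Measurement, nonce []byte) []byte {
	return bytes.Join([][]byte{[]byte("terra-attest"), m[:], nonce}, []byte{0})
}

// Platform models the tamper-resistant hardware plus the TVMM it booted.
type Platform struct {
	HWPub    ed25519.PublicKey // assumed known to verifiers (e.g. manufacturer-endorsed)
	TVMMCert Certificate       // hardware's certificate for the loaded TVMM
	tvmmPriv ed25519.PrivateKey
	vms      map[string][]byte
}

func NewPlatform(tvmmImage []byte) (*Platform, error) {
	hwPub, hwPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tvmmPub, tvmmPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	// At boot the hardware measures the TVMM image and certifies the TVMM's key.
	return &Platform{hwPub, Issue(hwPriv, tvmmPub, Measure(tvmmImage)), tvmmPriv, map[string][]byte{}}, nil
}

func (p *Platform) LoadVM(name string, image []byte) { p.vms[name] = image }

// Attest: the TVMM measures the named VM and signs the result together with the nonce.
func (p *Platform) Attest(name string, nonce []byte) (Attestation, error) {
	img, ok := p.vms[name]
	if !ok {
		return Attestation{}, fmt.Errorf("no VM named %q", name)
	}
	m := Measure(img)
	return Attestation{m, nonce, ed25519.Sign(p.tvmmPriv, attestBody(m, nonce))}, nil
}

// Verifier is the remote party: it trusts the hardware key and keeps
// allow-lists of TVMM builds and VM software it is willing to talk to.
type Verifier struct {
	HWPub       ed25519.PublicKey
	TrustedTVMM map[Measurement]bool
	TrustedVM   map[Measurement]string // measurement -> human-readable label
}

// Check walks the chain: hardware -> TVMM certificate -> VM attestation -> policy.
func (v *Verifier) Check(cert Certificate, a Attestation, nonce []byte) (string, error) {
	if !ed25519.Verify(v.HWPub, certBody(cert.Subject, cert.Measurement), cert.Signature) {
		return "", errors.New("TVMM certificate not signed by trusted hardware")
	}
	if !v.TrustedTVMM[cert.Measurement] {
		return "", errors.New("unknown TVMM build")
	}
	if !bytes.Equal(a.Nonce, nonce) {
		return "", errors.New("nonce mismatch: stale or replayed attestation")
	}
	if !ed25519.Verify(cert.Subject, attestBody(a.VM, a.Nonce), a.Signature) {
		return "", errors.New("attestation not signed by the certified TVMM")
	}
	label, ok := v.TrustedVM[a.VM]
	if !ok {
		return "", errors.New("VM software not on the verifier's trusted list")
	}
	return label, nil
}

func main() {
	tvmm, bank := []byte("tvmm-image-1.0"), []byte("bank-client-image-2.3") // constructed sample images
	p, _ := NewPlatform(tvmm)
	p.LoadVM("bank", bank)
	p.LoadVM("game", []byte("unvetted-game-image"))
	v := &Verifier{p.HWPub, map[Measurement]bool{Measure(tvmm): true},
		map[Measurement]string{Measure(bank): "bank-client 2.3"}}
	nonce := []byte("verifier-nonce-01")
	a, _ := p.Attest("bank", nonce)
	fmt.Println(v.Check(p.TVMMCert, a, nonce)) // accepted: bank-client 2.3
	a, _ = p.Attest("game", nonce)
	fmt.Println(v.Check(p.TVMMCert, a, nonce)) // rejected: not on the trusted list
}
```

The point the verifier's ordering makes is that each check only means something given the one before it: a valid TVMM signature is worthless unless the TVMM's own measurement was certified by hardware the verifier trusts, and a valid measurement is worthless without the fresh nonce, since otherwise an attestation recorded from a good boot could be replayed after the VM has been altered.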