TRUSTGUARD: A CONTAINMENT ARCHITECTURE WITH VERIFIED OUTPUT
Abstract:
Computers today are so complex and opaque that a user cannot know everything occurring
within the system. Most efforts toward computer security have focused on securing software.
However, software security techniques implicitly assume correct execution by the
underlying system, including the hardware. Securing these systems has been challenging
due to their complexity and the proportionate attack surface they present during their design,
manufacturing, deployment, and operation. Ultimately, the user’s trust in the system
depends on claims made by each party supplying the system’s components.
This dissertation presents the Containment Architecture with Verified Output (CAVO)
model in recognition of the reality that existing tools and techniques are insufficient to secure
complex hardware components in modern computing systems. Rather than attempt
to secure each complex hardware component individually, CAVO establishes trust in hardware
using a single, simple, separately manufactured component, called the Sentry. The
Sentry bridges a physical gap between the untrusted system and its external interfaces and
contains the effects of malicious behavior by untrusted system components before the external
manifestation of any such effects. Thus, only the Sentry and the physical gap must
be secured in order to assure users of the containment of malicious behavior. The simplicity
and pluggability of CAVO’s Sentry enable suppliers and consumers to take additional
measures to secure it, including formal verification, supervised manufacture, and supply
chain diversification.
This dissertation also presents TrustGuard—the first prototype CAVO design—to demonstrate
the feasibility of the CAVO model. TrustGuard achieves containment by only allowing
the communication of correctly executed results of signed software. The Sentry in
TrustGuard leverages execution information obtained from the untrusted processor to enable
efficient checking of the untrusted system’s work, even when the Sentry itself is simpler
and much slower than the untrusted processor. Simulations show that TrustGuard can
guarantee containment of malicious hardware components with a geomean of 8.5% decline
in the processor’s performance, even when the Sentry operates at half the clock frequency
of the complex, untrusted processor.