Accession Number : AD1024993


Title :   TrustGuard: A Containment Architecture with Verified Output


Descriptive Note : Technical Report


Corporate Author : Princeton University Princeton United States


Personal Author(s) : Ghosh,Soumyadeep


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1024993.pdf


Report Date : 01 Jan 2017


Pagination or Media Count : 145


Abstract : Computers today are so complex and opaque that a user cannot know everything occurring within the system. Most efforts toward computer security have focused on securing software. However, software security techniques implicitly assume correct execution by the underlying system, including the hardware. Securing these systems has been challenging due to their complexity and the proportionate attack surface they present during their design, manufacturing, deployment, and operation. Ultimately, the users trust in the system depends on claims made by each party supplying the systems components.This dissertation presents the Containment Architecture with Verified Output (CAVO) model in recognition of the reality that existing tools and techniques are insufficient to secure complex hardware components in modern computing systems. Rather than attempt to secure each complex hardware component individually, CAVO establishes trust in hardware using a single, simple, separately manufactured component, called the Sentry. The Sentry bridges a physical gap between the untrusted system and its external interfaces andcontains the effects of malicious behavior by untrusted system components before the external manifestation of any such effects. Thus, only the Sentry and the physical gap mustbe secured in order to assure users of the containment of malicious behavior. The simplicity and pluggability of CAVOs Sentry enable suppliers and consumers to take additional measures to secure it, including formal verification, supervised manufacture, and supply chain diversification.This dissertation also presents TrustGuard the first prototype CAVO design to demonstrate the feasibility of the CAVO model. TrustGuard achieves containment by only allowing the communication of correctly executed results of signed software.


Descriptors :   computer security , computer programs , computers , computer security software , servers(computer hardware) , OPERATING SYSTEMS(computers) , computing devices


Subject Categories : Computer Programming and Software


Distribution Statement : APPROVED FOR PUBLIC RELEASE