Hardware-Assisted Application-Level Access Control

Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP’s hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined. We also propose a general methodology for trustpartitioning an application into security-critical and non-critical parts.