An Execution Infrastructure for TCB Minimization
نویسندگان
چکیده
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.
منابع مشابه
An approximation algorithm and FPTAS for Tardy/Lost minimization with common due dates on a single machine
This paper addresses the Tardy/Lost penalty minimization with common due dates on a single machine. According to this performance measure, if the tardiness of a job exceeds a predefined value, the job will be lost and penalized by a fixed value. Initially, we present a 2-approximation algorithm and examine its worst case ratio bound. Then, a pseudo-polynomial dynamic programming algorithm is de...
متن کاملSHEMP: Secure Hardware Enhanced MyProxy
While PKI applications differ in how they use keys, all applications share one assumption: users have keypairs. In previous work, we established that desktop keystores are not safe places to store private keys, because the TCB is too large. These keystores are also immobile, difficult to use, and make it impossible for relying parties to make reasonable trust judgments. Since we would like to u...
متن کاملAn Efficient TCB for a Generic Data Dissemination System
Several applications fall under the broad umbrella of data dissemination systems (DDS), where providers and consumers of information rely on untrusted, or even unknown middle-men to disseminate and acquire data. This paper proposes a security architecture for a generic DDS by identifying a minimal trusted computing base (TCB) for middle-men and leveraging the TCB to provide useful assurances re...
متن کاملEfficient TCB Reduction and Attestation
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only add...
متن کاملA Comparison between Transcutaneous Bilirubin (TcB) and Total Serum Bilirubin (TSB) Measurements in Term Neonates
Background: Transcutaneous bilirubinometry (TCB) is a simple method for estimating bilirubin levels in neonates. This method is noninvasive, quick, and painless. We aimed to compare serum and cutaneous bilirubin measurements in term neonates.Method: In this descriptive cross-sectional study, 200 neonates with icter with birth weights of at least 2500 grams were studied. TCB was measured using a...
متن کامل