TWC: Medium: Collaborative: Trustworthy Programs Without A Trustworthy Operating System

TWC：媒介：协作：无需可信操作系统的可信程序

• 批准号: 1228843
• 负责人: Emmett Witchel
• 金额: $ 50万
• 依托单位: University of Texas at Austin
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228843&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Trustworthy; Programs

The operating system (OS) exercises complete control over applications, thus a compromise of the OS compromises every application. Software developers have little recourse to improve security in the face of system compromise---they cannot defend against OS vulnerabilities, nor can they reasonably substitute a secure version of the millions of lines of code that constitute a modern OS.Rather than require applications to blindly trust OS interactions, this project investigates a system architecture that enables trusted applications to efficiently verify OS interactions with the help of a small, trusted hypervisor. Most verification work is performed within the C language runtime, minimizing changes to legacy code and shielding developers from increased programming complexity.The prototype system, called InkTag,improves upon prior work in several key areas: it provides more efficient techniques to verify system call results, implements usable access control for resources managed by an untrusted OS, and introduces hardware and software techniques to further reduce the size of the trusted computing base.Cloud computing provides energy and economic efficiencies, but suffers from the inability to give meaningful security guarantees to hosted applications. This project demonstrates that system security is possible without trusting the OS---a large part of the hosted infrastructure. This project is also developing new materials for undergraduate and graduate curricula that combine core knowledge of systems with an understanding of how systems provide security properties, equipping future computer professionals with a better understanding of what security guarantees a system can meaningfully provide.

操作系统（OS）对应用程序进行完全控制，因此OS的妥协会危及每个应用程序。软件开发人员在面对系统妥协时几乎没有办法提高安全性-他们无法防御OS漏洞，也无法合理地替换构成现代OS的数百万行代码的安全版本，而不是要求应用程序盲目信任OS交互本项目研究一种系统架构，该架构使可信应用程序能够在小型可信管理程序的帮助下有效地验证OS交互。 大多数验证工作都在C语言运行时中执行，从而最大限度地减少了对遗留代码的更改，并使开发人员免受编程复杂性增加的影响。原型系统称为InkTag，在几个关键领域对以前的工作进行了改进：它提供了更有效的技术来验证系统调用结果，为不受信任的操作系统管理的资源实现可用的访问控制，并引入硬件和软件技术来进一步缩小可信计算基础的规模。云计算提供了能源和经济效率，但无法为托管应用程序提供有意义的安全保证。这个项目证明了系统安全是可能的，而不信任操作系统-托管基础设施的很大一部分。 该项目还在为本科生和研究生课程编写新的材料，将联合收割机的核心知识与对系统如何提供安全特性的理解结合起来，使未来的计算机专业人员更好地了解系统可以提供哪些有意义的安全保证。