TWC: Medium: Collaborative: Trustworthy Programs Without A Trustworthy Operating System

TWC：媒介：协作：无需可信操作系统的可信程序

• 批准号: 1228839
• 负责人: Donald Porter
• 金额: $ 44.72万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228839&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Trustworthy; Programs

The operating system (OS) exercises complete control over applications, thus a compromise of the OS compromises every application. Software developers have little recourse to improve security in the face of system compromise---they cannot defend against OS vulnerabilities, nor can they reasonably substitute a secure version of the millions of lines of code that constitute a modern OS.Rather than require applications to blindly trust OS interactions, this project investigates a system architecture that enables trusted applications to efficiently verify OS interactions with the help of a small, trusted hypervisor. Most verification work is performed within the C language runtime, minimizing changes to legacy code and shielding developers from increased programming complexity.The prototype system, called InkTag,improves upon prior work in several key areas: it provides more efficient techniques to verify system call results, implements usable access control for resources managed by an untrusted OS, and introduces hardware and software techniques to further reduce the size of the trusted computing base.Cloud computing provides energy and economic efficiencies, but suffers from the inability to give meaningful security guarantees to hosted applications. This project demonstrates that system security is possible without trusting the OS---a large part of the hosted infrastructure. This project is also developing new materials for undergraduate and graduate curricula that combine core knowledge of systems with an understanding of how systems provide security properties, equipping future computer professionals with a better understanding of what security guarantees a system can meaningfully provide.

操作系统（OS）完全控制应用程序，因此操作系统的妥协会危及每个应用程序。软件开发人员在面对系统危害时几乎没有办法提高安全性——他们无法防御操作系统漏洞，也无法合理地替换构成现代操作系统的数百万行代码的安全版本。本项目没有要求应用程序盲目地信任操作系统交互，而是研究了一种系统体系结构，该体系结构使受信任的应用程序能够在小型、受信任的管理程序的帮助下有效地验证操作系统交互。大多数验证工作都是在C语言运行时中执行的，这样可以最大限度地减少对遗留代码的更改，并使开发人员免受增加的编程复杂性的影响。原型系统，称为InkTag，在几个关键领域改进了先前的工作：它提供了更有效的技术来验证系统调用结果，为由不受信任的操作系统管理的资源实现了可用的访问控制，并引入了硬件和软件技术来进一步减小可信计算基础的大小。云计算提供了能源和经济效率，但无法为托管应用程序提供有意义的安全保证。该项目表明，不信任操作系统（托管基础设施的很大一部分）也可以实现系统安全性。该项目还为本科和研究生课程开发了新的材料，将系统的核心知识与系统如何提供安全属性的理解结合起来，使未来的计算机专业人员更好地理解系统可以有效地提供哪些安全保证。

项目成果

Civet: An Efficient Java Partitioning Framework for Hardware Enclaves

• 发表时间: 2020
• 作者: Chia-che Tsai;Jeongseok Son;Bhushan Jain;John McAvey;Raluca A. Popa;Donald E. Porter