Abstract

It is very difficult, if not impossible, to guarantee that large, complex software programs are free of security vulnerabilities that can be exploited by attackers. Even if only a small part of a large application is security-critical, and this part is carefully constructed and statically analyzed to be secure, it still executes at runtime with a sea of untrusted software. In particular, the commodity operating system may be compromised, leaving security monitors in applications and middleware exposed. We discuss the Bastion architecture whose design goal is to enable trusted software modules to execute securely, even when there is malware in the system and the O.S. may be compromised. Bastion has a processor-hypervisor Trusted Computing Base, with hardware trust anchors and mechanisms for protecting the hypervisor, which then protects trusted software modules in the applications or O.S. space. Together with minimal trust chains, Bastion also provides the architectural equivalents of sealed storage and trustworthy attestation without using an external TPM chip. We discuss some of its defenses against both software and hardware threats, and its scalability to multiple trust domains.

Speaker’s Bio: Ruby B. Lee is the Forrest G. Hamrick Professor of Engineering and Professor of Electrical Engineering at Princeton University, with an affiliated appointment in the Computer Science department. She is the director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS). Her current research is in security‐aware computer architecture, secure cloud computing, trustworthy and resilient systems, crypto acceleration, secure mobile computing, secure embedded systems and DDoS mitigation. She is a Fellow of the Association for Computing Machinery (ACM) and a Fellow of the Institute of Electrical and Electronic Engineers (IEEE). She is often asked to help or co‐lead U.S. national efforts to improve cyber security research. She is also Associate Editor‐in‐Chief of IEEE Micro and Advisory Board member of IEEE Spectrum. She is a member of the Phi Beta Kappa and Alpha Lambda Delta honoraries, and various Who’s Who. She has been granted over 120 United States and international patents. Prior to joining the Princeton faculty, Dr. Lee served as chief architect at Hewlett‐Packard, responsible at different times for processor architecture, multimedia architecture and security architecture. She introduced multimedia instructions into microprocessors, was a founding architect of HP’s PA‐RISC architecture and instrumental in the design of several generations of PA‐RISC processors for commercial and technical systems, and also co‐led an Intel‐HP IA‐64 architecture team. Concurrent with full‐time employment at HP, Dr. Lee also served as Consulting Professor of Electrical Engineering at Stanford University. She has a Ph.D. in Electrical Engineering and a M.S. in Computer Science, both from Stanford University, and an A.B. with distinction from Cornell University.