Reducing the Trusted Computing Base
David Lie
Department of Electrical and Computer Engineering
University of Toronto
TCBs are Complex
• Trusted Computing Base: the components of a system that an application must trust to function correctly
[Diagram: the application (size is application dependent) sits on its application libraries (10K’s of LOC) and beside other applications (millions of LOC); everything runs on the operating system & hardware (millions of LOC)]
• Total exposure for an application is in the millions to 10’s of millions of LOC at least!
David Lie
Usenix Security 2005 WIPS
Isolate Application in a Separate VM
• One approach is to isolate the application in its own virtual machine on a virtual machine monitor (VMM) [Terra]
– The VMM is added to the TCB, but the TCB still shrinks because unrelated applications are removed from it
[Diagram: the application (application dependent) with its application libraries (10K’s of LOC) runs in one VM; other applications (millions of LOC) run in a separate VM; each VM has its own operating system (millions of LOC); all VMs sit on the virtual machine monitor (10K’s LOC) above the hardware]
Reducing the TCB
• However, the isolated application still has a TCB of millions of LOC (its own guest OS):
– Can we do better?
[Diagram: the security-critical component is split out of the application and runs on a minimal OS (~10K LOC) in its own VM; the rest of the application (application dependent) with its libraries (10K’s of LOC) and the other applications (millions of LOC) stay in separate VMs, each with a full operating system (millions of LOC); all VMs sit on the virtual machine monitor (10K’s LOC)]
Total TCB Reduction
• Millions of LOC → 10K’s LOC: roughly a 100x reduction
– The OS is customizable for each component and has only the functionality the component needs
• A small TCB can be made more secure:
– Easier to audit the code
– The cost of many analysis tools (static and dynamic) grows exponentially with code size
– Less effort/cost to harden a smaller code base
– Can be protected by implementing it in a safer language
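The accounting behind these slides, as an added example (this is not code from the talk): treat "must trust" as a directed relation between components and compute the TCB as its transitive closure from the component being protected. The component names and LOC figures are constructed placeholders chosen to fall in the ranges quoted above, not measurements of any system; the three dependency graphs model the monolithic, VM-isolated and minimal-OS layouts of the preceding slides, and the edge from the commodity OS to "other_apps" encodes the assumption that a commodity OS's integrity depends on every privileged program it hosts.

```python
"""TCB size as the transitive closure of a 'must trust' relation.

Added example; all sizes below are constructed placeholders in the
ranges the slides quote, not measurements of a real system.
"""
from collections import deque


def tcb(trusts, root):
    """Return every component reachable from `root` over 'trusts' edges,
    including `root` itself (breadth-first transitive closure)."""
    seen = {root}
    queue = deque([root])
    while queue:
        comp = queue.popleft()
        for dep in trusts.get(comp, ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def tcb_loc(trusts, loc, root):
    """Total lines of code over every component in the TCB of `root`."""
    return sum(loc[c] for c in tcb(trusts, root))


# Constructed, illustrative sizes only.
LOC = {
    "app": 5_000,             # the application as a whole
    "critical": 2_000,        # the security-critical part split out of it
    "libs": 50_000,           # application libraries (10K's of LOC)
    "other_apps": 2_000_000,  # everything else on the same OS (millions)
    "os": 3_000_000,          # commodity OS (millions)
    "other_os": 3_000_000,    # a second commodity OS in another VM
    "vmm": 30_000,            # virtual machine monitor (10K's of LOC)
    "minimal_os": 10_000,     # OS cut down to what 'critical' needs (~10K)
}
# Hardware is trusted in all three layouts and is omitted from the sums.

# Layout 1: one commodity OS hosts everything. The OS's integrity depends on
# every privileged program it runs (assumption), so other_apps is in the TCB.
MONOLITHIC = {
    "app": {"libs", "os"},
    "libs": {"os"},
    "os": {"other_apps"},
}

# Layout 2 (Terra-style): the app and its libraries get their own VM and OS;
# other applications live in a different VM on the same VMM. The app's OS now
# trusts the VMM but no longer depends on the other VM's contents.
VMM_ISOLATED = {
    "app": {"libs", "os"},
    "libs": {"os"},
    "os": {"vmm"},
    "other_apps": {"other_os"},
    "other_os": {"vmm"},
}

# Layout 3: the security-critical component runs on a minimal OS in its own
# VM; the rest of the app keeps its commodity OS in another VM.
MINIMAL_OS = {
    "critical": {"minimal_os"},
    "minimal_os": {"vmm"},
    "app": {"libs", "os"},
    "libs": {"os"},
    "os": {"vmm"},
}


def compare():
    """TCB size in LOC of the protected component under each layout."""
    return {
        "monolithic": tcb_loc(MONOLITHIC, LOC, "app"),
        "vmm_isolated": tcb_loc(VMM_ISOLATED, LOC, "app"),
        "minimal_os": tcb_loc(MINIMAL_OS, LOC, "critical"),
    }


def reduction_factor():
    """How many times smaller the minimal-OS TCB is than the monolithic one."""
    sizes = compare()
    return sizes["monolithic"] / sizes["minimal_os"]


if __name__ == "__main__":
    for name, size in compare().items():
        print(f"{name:13s} {size:>10,} LOC")
    print(f"reduction: {reduction_factor():.0f}x")
```

With these placeholder sizes the VM-isolated layout only removes the unrelated applications and still carries the multi-million-line guest OS, while splitting out the critical component onto a minimal OS leaves a TCB on the order of the VMM plus the minimal OS, about two orders of magnitude smaller.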