Technical reports: CMU-CyLab-07-018
| Title: | An Execution Infrastructure for TCB Minimization |
|---|---|
| Authors: | Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, Hiroshi Isozaki |
| Publication Date: | December 18, 2007 |
| Full Report: | CMU-CyLab-07-018 (.pdf) |
Abstract
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attes-tation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.