Technical reports: CMU-CyLab-09-003

| Title: | Efficient TCB Reduction and Attestation |
|---|---|
| Authors: | Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil D. Gligor, Adrian Perrig |
| Publication Date: | March 9, 2009 |
| Full Report: | CMU-CyLab-09-003 (.pdf) |

Abstract
We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only adds 5306 lines to the TCB (over half of which is for cryptographic operations). TrustVisor imposes less than 7% overhead in the common case. This overhead is largely the result of today’s x86 hardware virtualization support.
