|Title:||An Execution Infrastructure for TCB Minimization|
|Authors:||Jonathan M. McCune, Bryan Parno, Adrian Perrig, Michael K. Reiter, Hiroshi Isozaki|
|Publication Date:||December 18, 2007|
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attes-tation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.
Full Report: CMU-CyLab-07-018