• Home

  • Documents

  • Trustworthy Commodity Computation and Communication
1
Trustworthy Commodity Computation and Communication Enables dynamic, "transient trust" security policies for achieving the appropriate availability of highly sensitive information during emergencies in the face of determined adversaries. Research goal: Worked example of architectural foundation for trustworthy commodity mobile devices Multi-use, multi-context operations Approach: Clean-slate, HW/SW co-design Clean-slate design allows “break-through” ideas Secure-by-design architecture via tight integration Design goal: Security with performance, low cost and usability New least privilege separation-kernel and trusted services software to enforce MAC and securely manage resources Ruby B. Lee * (PI), Cynthia Irvine + , Terry Benzel # , Mung Chiang * Princeton University * , Naval Postgraduate School + , Information Science Institute/USC # NSF Grant No. CNS-0430487, CNS-0430566 and CNS-0430598 NSF Cyber Trust Principal Investigators Meeting March 16-18, 2008 New Haven, CT SP HW Architecture User-mode: enables controlled and secure access to user's secrets Authority mode: enables transient, policy-controlled access to third-party protected information, remotely Reduced mode: for use in low power applications Accomplishments Concept of operation Multilevel-secure (MLS) multi-use handheld device Different functional contexts correspond to different user roles: Everyday and emergency Normal or trusted Support inter-context secure sharing of information Trustworthy security architecture that can support dynamic security policies and services Core building blocks Security-aware processor extensions Least privilege separation kernel Trusted security services Secure operating-system services Trusted path application SecureCore Software Architecture WEST Contributing Members (alphabetically ordered) Ganesha Bhaskara # , Paul Clark + , Timothy Levin + , Thuy Nguyen + , Mark Orwat + , David Shifflett + , Timothy Vidas + Three partitions Software-emulated SP module LPSK utilizes hardware security mechanisms Segmentation Cal gates Hardware privilege levels Task state management SCSS and LPSK co- locate in same privilege level Secure Attention Key (SAK) Keyboard input Focus switch via SAK Simple crypto key management application Functional Prototype Design Concept of Operation

Trustworthy Commodity Computation and Communication

  • Upload
    dwight

  • View
    35

  • Download
    0

Tags:

Embed Size (px)

DESCRIPTION

WEST. Ruby B. Lee * (PI), Cynthia Irvine + , Terry Benzel # , Mung Chiang * Princeton University * , Naval Postgraduate School + , Information Science Institute/USC # NSF Grant No. CNS- 0430487 , CNS-0430566 and CNS-0430598. Trustworthy Commodity Computation and Communication - PowerPoint PPT Presentation

Citation preview

Page 1: Trustworthy Commodity Computation and Communication

Trustworthy Commodity Computation and CommunicationEnables dynamic, "transient trust" security policies for achieving the appropriate availability

of highly sensitive information during emergencies in the face of determined adversaries.

• Research goal: Worked example of architectural foundation for trustworthy commodity mobile devices

• Multi-use, multi-context operations• Approach: Clean-slate, HW/SW co-design

• Clean-slate design allows “break-through” ideas• Secure-by-design architecture via tight integration

• Design goal: Security with performance, low cost and usability • New least privilege separation-kernel and trusted services

software to enforce MAC and securely manage resources

Ruby B. Lee* (PI), Cynthia Irvine+, Terry Benzel#, Mung Chiang*

Princeton University*, Naval Postgraduate School+, Information Science Institute/USC#

NSF Grant No. CNS-0430487, CNS-0430566 and CNS-0430598

NSF Cyber Trust Principal Investigators MeetingMarch 16-18, 2008

New Haven, CT

SP HW Architecture• User-mode: enables controlled and secure

access to user's secrets• Authority mode: enables transient, policy-

controlled access to third-party protected information, remotely

• Reduced mode: for use in low power applications

Accomplishments• Concept of operation• Multilevel-secure (MLS) multi-use handheld device• Different functional contexts correspond to different user roles: • Everyday and emergency• Normal or trusted

• Support inter-context secure sharing of information• Trustworthy security architecture that can support dynamic security policies and services• Core building blocks• Security-aware processor extensions• Least privilege separation kernel• Trusted security services• Secure operating-system services• Trusted path application

SecureCore Software Architecture

WEST

Contributing Members (alphabetically ordered) Ganesha Bhaskara#, Paul Clark+, Timothy Levin+, Thuy Nguyen+, Mark Orwat+, David Shifflett+, Timothy Vidas+

• Three partitions

• Software-emulated SP module

• LPSK utilizes hardware security

mechanisms

• Segmentation

• Cal gates

• Hardware privilege levels

• Task state management

• SCSS and LPSK co-locate in

same privilege level

• Secure Attention Key (SAK)

• Keyboard input

• Focus switch via SAK

• Simple crypto key management

application

Functional Prototype Design

Concept of Operation

Trustworthy Security Framework for Wireless … Trustworthy Wireless Industrial Sensor Networks Trustworthy Security Framework for Wireless Industrial Sensor Networks Laura Gheorghe

Trustworthy Security Framework for Wireless … Trustworthy Wireless Industrial Sensor Networks Trustworthy Security Framework for Wireless Industrial Sensor Networks Laura Gheorghe

Documents
QualityAssurance of Trustworthy Smart IoTSystems · QualityAssurance of Trustworthy Smart IoTSystems E D T Y E Trustworthy ... and software services. Actuation conflict identification

QualityAssurance of Trustworthy Smart IoTSystems · QualityAssurance of Trustworthy Smart IoTSystems E D T Y E Trustworthy ... and software services. Actuation conflict identification

Documents
S-FaaS: Trustworthy and Accountable Function-as-a-Service ... › pdf › 1810.06080v1.pdf · (e.g. gamers) to become FaaS service providers. The idea of outsourcing computation to

S-FaaS: Trustworthy and Accountable Function-as-a-Service ... › pdf › 1810.06080v1.pdf · (e.g. gamers) to become FaaS service providers. The idea of outsourcing computation to

Documents
Trustworthy Machine Learning

Trustworthy Machine Learning

Documents
Trustworthy Software: U.S. Presentation

Trustworthy Software: U.S. Presentation

Documents
Trustworthy Browsing

Trustworthy Browsing

Documents
Affordable trustworthy-systems

Affordable trustworthy-systems

Software
Trustworthy Essex Plumbers

Trustworthy Essex Plumbers

Business
Parallel Computation of Laxge-Scale Nonlinear Network ... · parallel decomposition algorithms by time period and by commodity, respectively. We then turn to the parallel computation

Parallel Computation of Laxge-Scale Nonlinear Network ... · parallel decomposition algorithms by time period and by commodity, respectively. We then turn to the parallel computation

Documents
Trustworthy Compilers - GBV

Trustworthy Compilers - GBV

Documents
Trustworthy Wireless

Trustworthy Wireless

Documents
Trustworthy Numerical Computation in Scalalara.epfl.ch/~kuncak/papers/DarulovaKuncak11... · 1. Introduction Numerical computation has been one of the driving forces in the early

Trustworthy Numerical Computation in Scalalara.epfl.ch/~kuncak/papers/DarulovaKuncak11... · 1. Introduction Numerical computation has been one of the driving forces in the early

Documents
Our Trustworthy friends

Our Trustworthy friends

Education
Trustworthy Yet?

Trustworthy Yet?

Documents
NPS-CS-06-001 August 2006 - Welcome - Naval · PDF file · 2007-11-15NPS-CS-06-001 August 2006 | SecureCore Technical Report Trustworthy Commodity Computation and Communication

NPS-CS-06-001 August 2006 - Welcome - Naval · PDF file · 2007-11-15NPS-CS-06-001 August 2006 | SecureCore Technical Report Trustworthy Commodity Computation and Communication

Documents
Trustworthy & Ethical AI

Trustworthy & Ethical AI

Documents
Foundations of Trustworthy Leadership - WholeHearted · FOUNDATIONS OF TRUSTWORTHY LEADERSHIP WholeHearted leadership programs are grounded in six foundations of trustworthy leadership:

Foundations of Trustworthy Leadership - WholeHearted · FOUNDATIONS OF TRUSTWORTHY LEADERSHIP WholeHearted leadership programs are grounded in six foundations of trustworthy leadership:

Documents
SecureCore for Trustworthy Commodity Computing and

SecureCore for Trustworthy Commodity Computing and

Documents
Trustworthy Moving Services

Trustworthy Moving Services

Services
Trustworthy Commodity Computation and Communication

Trustworthy Commodity Computation and Communication

Documents
Making Distributed Computation Trustworthy by Construction · introduces a security-typed language (DSR) for developing distributed programs. Section 6 proves the non-interference

Making Distributed Computation Trustworthy by Construction · introduces a security-typed language (DSR) for developing distributed programs. Section 6 proves the non-interference

Documents
How 2 B Trustworthy

How 2 B Trustworthy

Education
Computation of Purchased Gas Commodity Cost Per Mc1 · NATIONAL FUEL GAS DISTRIBUTION CORPORATION Pennsylvania Division Computation of Purchased Gas Demand Cost Per Met On and After

Computation of Purchased Gas Commodity Cost Per Mc1 · NATIONAL FUEL GAS DISTRIBUTION CORPORATION Pennsylvania Division Computation of Purchased Gas Demand Cost Per Met On and After

Documents
7-Noah (Trustworthy Guide)

7-Noah (Trustworthy Guide)

Documents
Trustworthy Computing

Trustworthy Computing

Documents
Trustworthy Software

Trustworthy Software

Technology
Enterprise Email: Simply Trustworthy?

Enterprise Email: Simply Trustworthy?

Documents
Be TRUSTWORTHY 6- 8/2/2012. What does it mean by TRUSTWORTHY? Synonym of TRUSTWORTHY: Reliable, Responsible, Faithful

Be TRUSTWORTHY 6- 8/2/2012. What does it mean by TRUSTWORTHY? Synonym of TRUSTWORTHY: Reliable, Responsible, Faithful

Documents
Trustworthy Sensor Networks

Trustworthy Sensor Networks

Documents
MS - Trustworthy cloud

MS - Trustworthy cloud

Technology