CT-ISG: Nexus: A New Operating System for Trusted Computing

$593,427 | FY2006 | CSE | NSF

Cornell University, Ithaca NY

Abstract

Tamper-proof coprocessors for secure computing are poised to become a standard hardware feature on future computers. Current operating systems, however, lack the architecture and abstractions required to support trustworthy computing. A new OS abstraction, called active attestation, was developed that enables unforgeable, descriptive, parsimonious certificates about application properties to be constructed at any time. A new OS mechanism, called secure memory regions, was implemented that enables applications to protect the integrity and confidentiality of data on untrusted secondary storage. Finally, a new OS architecture was implemented that supports strong isolation without the use of heavyweight virtual machine technology. Combined, these three features enable a new operating system that permits a new class of applications that can provide strong guarantees about their runtime behavior. Such guarantees help secure systems against malware and viruses, authenticate users on remote computers, and rule out protocol attacks against distributed systems.
