Implementing an Untrusted Operating System on Trusted Hardware

摘要

Recently, there has been considerable interest in providing "trusted computing platforms" using hardware ― TCPA and Palladium being the most publicly visible examples. In this paper we discuss our experience with building such a platform using a traditional time-sharing operating system executing on XOM ― a processor architecture that provides copy protection and tarnper-resistance functions. In XOM, only the processor is trusted; main memory and the operating system are not trusted. Our operating system (XOMOS) manages hardware resources for applications that don't trust it. This requires a division of responsibilities between the operating system and hardware that is unlike previous systems. We describe techniques for providing traditional operating systems services in this context. Since an implementation of a XOM processor does not exist, we use SimOS to simulate the hardware. We modify IRIX 6.5, a commercially available operating system to create XOMOS. We are then able to analyze the performance and implementation overheads of running an untrusted operating system on trusted hardware.