Operating systems (OS) form the core of the trusted computing base on most computer platforms. The security of a platform therefore crucially relies on the correct and secure operation of its OS. Unfortunately, malicious software such as rootkits infect the OS by compromising the integrity of its code and data, thereby jeopardizing the security of the entire platform. The goal of this project is to push the boundaries of hardware-assisted methods to ensure OS integrity. The methods explored include (1) formal verification of a hybrid hardware/software scheme that uses local memory to monitor OS integirty, (2) hardware support for kernel memory safety, and (3) a hardware-based scheme that leverages methods such as the ARM TrustZone to monitor the security of end-user devices. Throughout, the focus of this project is on developing hardware-based solutions to monitor OS integrity and to verify the security guarantees advertised by these solutions. The methods being developed can have broad impact by advancing the state of the art in personal, mobile and embedded device security. The proposed designs are close variants of currently-available hardware designs and are therefore likely to appeal to hardware manufacturers. The project also includes curriculum enhancements at the graduate and undergraduate level, and outreach programs aimed at high-school students as well as industry professionals.
SaTC: Hardware-Assisted Methods for Operating System Integrity