Computers today are so complex and opaque that a user cannot possibly hope to know, let alone trust, everything occurring within the machine. While software security techniques help ensure the integrity of user computations, they are only as trustworthy as the underlying hardware. Even though many proposals provide some relief to the problem of hardware trust, the user must ultimately rely on the assurances of other parties. This work restores hardware trust through a simple, small, and slow pluggable hardware element. This project investigates techniques that provides a kernel of trust that keeps even the most aggressive systems in line without slowing them down and is easy to manufacture. For this slow but trusted hardware element to be useful in real world systems, it must not degrade system performance significantly. To achieve this goal, this work develops two complimentary techniques: dependence-free parallel verification of executed instructions, and cryptographic hash-based memory integrity assurance. Additionally, cryptographic hashing also ensures code integrity and prevents the processor from executing its own malicious code. A combination of these techniques provides a secure hardware environment where users need not worry about their data being compromises, as long as their software is also secure. Therefore, when combined with well-developed software security techniques, this work provides a significant increase in the level of trust users place in their computing systems.
SaTC: An Architecture for Restoring Trust in Our Personal Computing Systems