|Title: ||Logical Attestation: An Authorization Architecture for Trustworthy Computing|
|Authors: ||Sirer, Emin Gun; de Bruijn, William|
|Issue Date: ||20-Sep-2011|
|Abstract: ||This paper describes the design and implementation of a new operating
system authorization architecture to support trustworthy computing.
Called logical attestation, this architecture provides a sound
framework for reasoning about the run-time behavior of applications.
Logical attestation is based on attributable, unforgeable statements
about program properties, expressed in a logic. These statements
are suitable for mechanical processing, proof construction, and verification;
they can serve as credentials, support authorization based
on expressive authorization policies, and enable remote principals
to trust software components without restricting the local user’s
choice of binary implementations.
We have implemented logical attestation in a new operating system
called the Nexus. The Nexus executes natively on x86 platforms
equipped with secure coprocessors. It supports native
Linux applications and uses logical attestation to support new
trustworthy-computing applications. When deployed on a trustworthy
cloud-computing stack, logical attestation is efficient, achieves
high performance, and can run applications that provide qualitative
guarantees not possible with existing modes of attestation.|
|Appears in Collections:||Computing and Information Science Technical Reports|
Files in This Item:
|twocol.pdf||Technical Paper re: trustworthy computing||296 kB||Adobe PDF|
Items in eCommons are protected by copyright, with all rights reserved, unless otherwise indicated.