English

Minimizing Trust with Exclusively-Used Physically-Isolated Hardware

Cryptography and Security 2022-10-24 v2 Hardware Architecture Operating Systems

Abstract

Smartphone owners often need to run security-critical programs on the same device as other untrusted and potentially malicious programs. This requires users to trust hardware and system software to correctly sandbox malicious programs, trust that is often misplaced. Our goal is to minimize the number and complexity of hardware and software components that a smartphone owner needs to trust to withstand adversarial inputs. We present a multi-domain hardware design composed of statically-partitioned, physically-isolated trust domains. We introduce a few simple, formally-verified hardware components to enable a program to gain provably exclusive and simultaneous access to both computation and I/O on a temporary basis. To manage this hardware, we present OctopOS, an OS composed of mutually distrustful subsystems. We present a prototype of this machine (hardware and OS) on a CPU-FPGA board and show that it incurs a small hardware cost compared to modern SoCs. For security-critical programs, we show that this machine significantly reduces the required trust compared to mainstream TEEs while achieving decent performance. For normal programs, performance is similar to a legacy machine.

Keywords

Cite

@article{arxiv.2203.08284,
  title  = {Minimizing Trust with Exclusively-Used Physically-Isolated Hardware},
  author = {Zhihao Yao and Seyed Mohammadjavad Seyed Talebi and Mingyi Chen and Ardalan Amiri Sani and Thomas Anderson},
  journal= {arXiv preprint arXiv:2203.08284},
  year   = {2022}
}
R2 v1 2026-06-24T10:14:56.255Z