ABSTRACT

Continuing advances in sophisticated and stealthy rootkits warrant a reexamination of a fundamental assumption made in application security, namely, that the underlying operating system is trustworthy. The conventional wisdom beneath this assumption is that it is impractical, if not impossible, to build security mechanisms without support from the operating system and hardware. The DHOSA project challenges this conventional wisdom, and seeks to develop an integrated suite of techniques that limit the harm that a hostile OS can inflict on an application. We are pursuing basic research on a wide range of topics, including virtualization and binary translation techniques to build security mechanisms over untrustworthy software components, new approaches that minimize the impact of vulnerabilities in operating systems, architectures and algorithms for building secure distributed systems, and formal methods to increase confidence in hypervisors, virtual machine monitors, binary translators, binary emulators, assemblers, compilers, and other critical trusted components.