Title:

TrustVisor: Efficient TCB Reduction and AttestationSpeaker: Adrian Perrig, Professor,

Carnegie Mellon UniversityDate: Mon., May 31, 2010, 10:00am~11:30amPlace: Science

library #614A (과학도서관 614A호)Abstract:An important security challenge is to

protect the execution of security-sensitive code on legacy systems from malware that

may infect the OS, applications, or system devices. Prior work experienced a tradeoff

between the level of security achieved and efficiency. In this work, we leverage the

features of modern processors from AMD and Intel to overcome the tradeoff to

simultaneously achieve a high level of security and high performance. We present

TrustVisor, a special-purpose hypervisor that provides code integrity as well as data

integrity and secrecy for selected portions of an application. TrustVisor achieves a

high level of security, first because it can protect sensitive code at a very fine

granularity, and second because it has a very small code base (only around 6K lines

of code) that makes verification feasible. TrustVisor can also attest the existence

of isolated execution to an external entity. We have implemented TrustVisor to

protect security-sensitive code blocks while imposing less than 7% overhead on the

legacy OS and its applications in the common case. Bio:Adrian Perrig is a Professor

in Electrical and Computer Engineering, Engineering and Public Policy, and Computer

Science at Carnegie Mellon University. Adrian serves as the technical director for

Carnegie Mellon''s Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in

Computer Science from Carnegie Mellon University, and spent three years during his

Ph.D. degree at the University of California at Berkeley. He received his B.Sc.

degree in Computer Engineering from the Swiss Federal Institute of Technology in

Lausanne (EPFL). Adrian''s research revolves around building secure systems and

includes network security, trustworthy computing and security for social networks.

More specifically, he is interested in trust establishment, trustworthy code

execution in the presence of malware, and how to design secure next-generation

networks. More information about his research is available on

http://www.ece.cmu.edu/~adrian/ web page.He is a recipient of the NSF CAREER award in

2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in

2006, and the Security 7 award in the category of education by the Information

Security Magazine in 2009.