A secure and reliable bootstrap architecture

TitleA secure and reliable bootstrap architecture
Publication TypeConference Papers
Year of Publication1997
AuthorsArbaugh WA, Farber DJ, Smith JM
Conference Name, 1997 IEEE Symposium on Security and Privacy, 1997. Proceedings
Date Published1997/05/04/7
PublisherIEEE
ISBN Number0-8186-7828-3
Keywordsactive networks, AEGIS architecture, bootstrap architecture, Computer architecture, computer bootstrapping, data integrity, Distributed computing, Hardware, hardware validity, initialization, integrity chain, integrity check failures, Internet, Internet commerce, IP networks, Laboratories, lower-layer integrity, Microprogramming, Operating systems, recovery process, reliability, robust systems, Robustness, Security, security of data, software reliability, system integrity guarantees, system recovery, transitions, Virtual machining
Abstract

In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, the integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity “chain” inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made, yet these guarantees are increasingly important to diverse applications such as Internet commerce, security systems and “active networks”. In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and we show how this results in robust systems

DOI10.1109/SECPRI.1997.601317