Terra-Reference-Cited by-同舟云学术

Terra

Published:2003-12 Issue:5 Volume:37 Page:193-206
ISSN:0163-5980
Container-title:ACM SIGOPS Operating Systems Review
language:en
Short-container-title:SIGOPS Oper. Syst. Rev.

Author:

Garfinkel Tal¹,Pfaff Ben¹,Chow Jim¹,Rosenblum Mendel¹,Boneh Dan¹

Affiliation:

1. Stanford University

Abstract

We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications on Terra enjoy the semantics of running on a separate, dedicated, tamper-resistant hardware platform, while retaining the ability to run side-by-side with normal applications on a general-purpose computing platform. Terra achieves this synthesis by use of a trusted virtual machine monitor (TVMM) that partitions a tamper-resistant hardware platform into multiple, isolated virtual machines (VM), providing the appearance of multiple boxes on a single, general-purpose platform. To each VM, the TVMM provides the semantics of either an "open box," i.e. a general-purpose hardware platform like today's PCs and workstations, or a "closed box," an opaque special-purpose platform that protects the privacy and integrity of its contents like today's game consoles and cellular phones. The software stack in each VM can be tailored from the hardware interface up to meet the security requirements of its application(s). The hardware and TVMM can act as a trusted party to allow closed-box VMs to cryptographically identify the software they run, i.e. what is in the box, to remote parties. We explore the strengths and limitations of this architecture by describing our prototype implementation and several applications that we developed for it.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/1165389.945464

Reference62 articles.

1. IBM mainframe servers: Case studies. http://www-1.ibm.com/servers/eserver/zseries/library/casestudies/.]] IBM mainframe servers: Case studies. http://www-1.ibm.com/servers/eserver/zseries/library/casestudies/.]]

2. IP security protocol (IPsec) charter. http://www.ietf.org/html.charters/ipsec-charter.html.]] IP security protocol (IPsec) charter. http://www.ietf.org/html.charters/ipsec-charter.html.]]

3. Security: IBM zSeries partitioning achieves highest certification. http://www-1.ibm.com/servers/eserver/zseries/security/certification.html December 2002.]] Security: IBM zSeries partitioning achieves highest certification. http://www-1.ibm.com/servers/eserver/zseries/security/certification.html December 2002.]]

4. Microsoft next-generation secure computing base---technical FAQ. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp February 2003.]] Microsoft next-generation secure computing base---technical FAQ. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp February 2003.]]

5. Cryptography and competition policy

Cited by 193 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Making Federated Learning Accessible to Scientists: The AI4EOSC Approach;Proceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security;2024-06-24

2. Playbook Workflow Builder: Interactive Construction of Bioinformatics Workflows from a Network of Microservices;2024-06-09

3. Hybrid concurrency control protocol for data sharing among heterogeneous blockchains;Frontiers of Computer Science;2024-01-22

4. Autonomous Vehicle Sensor Network Security Framework Using Anomaly Detection and Resource Limitation;SSRN Electronic Journal;2024

5. Toward a (Secure) Path of Least Resistance: An Examination of Usability Challenges in Secure Sandbox Systems;2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA);2023-11-01