Trust extension for commodity computers

Bryan Parno
2012 Communications of the ACM  
As society rushes to digitize sensitive information and services, users and developers must adopt adequate security protections. However, such protections often conflict with the benefits expected from commodity computers. Consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low cost, but attempts to construct secure systems from the ground up are expensive, time-consuming, and unable to keep up with the changing marketplace [2, 8, 11, 12]. For example, the VAX VMM security kernel was developed over nine years (1981–1990), but the kernel was never deployed. This failure was due, in part, to the absence of support for Ethernet, a feature considered crucial by the time the kernel was completed but not anticipated when originally designed [11].

Key insights: Improving software security is insufficient; also needed is the ability to securely verify whether a computer employs the new software. Providing security on demand (such as via the Flicker architecture) helps balance security, performance, and features. Verifiable computation allows a client to outsource the computation of a function and efficiently verify the results returned while keeping inputs and outputs private; constraining the way the worker/server computes the function enables such efficient verification.
doi:10.1145/2184319.2184339 fatcat:oxr7zwebyjhelpxt2quhbn5oai