In response to the growing number of cyber security attacks worldwide, layers of security remedies and patches have been introduced in recent hardware and software systems. Although these solutions have thwarted some attacks, the reactive approach of adding yet another layer of indirection is not a panacea for all security problems. The dissertation aims to create secure systems throughout the computing stack, mainly using two approaches: (1) mitigating security hazards in legacy systems, and (2) designing systems that provide isolation at the lowest possible layer.
First, it highlights the security hazard of vulnerabilities in the graphics stack. To address this, two solutions are introduced. For desktops, it leverages GPU virtualization to provide web apps with a dedicated virtual graphics plane. For mobile devices, it designs a system to automatically repurpose the browser’s security checks to safeguard the mobile graphics interface.
Second, it presents a hardware design that is composed of statically-partitioned and physically-isolated trust domains, namely the Split-Trust hardware design. It introduces a few simple, formally-verified hardware components to enable a program to gain provably exclusive and simultaneous access to both computation and I/O on a temporary basis. To manage this hardware, it presents OctopOS, an OS composed of mutually distrustful subsystems.