Project

Advanced Security Primitives and Applications of Protected-Module Architectures

Recent attacks against consumers, businesses and even the critical infrastructure of countries (e.g., the attacks against the Ukrainian and Israeli electrical power grids) show that cybersecurity today plays a vital role in the economic and geopolitical world. Protecting devices against attack is nontrivial. Various security measures have been presented that significantly raise the bar for attackers, but software keeps getting exploited successfully. A common pitfall is that software security takes a layered approach in which privileged layers keep getting extended with new components over the system's lifetime. This results in an ever larger privileged layer, yet even a single vulnerability at this level may compromise all software running on top of it. During the last several years, an interesting alternative approach has been developed. Protected-module architectures (PMAs) do not rely on a layered approach, but enable software to create highly isolated modules. The security of such a module depends only on its own code and on the modules that it explicitly chooses to interact with. This enables modules to formally prove many of their security properties, even if an attacker is able to exploit vulnerabilities in the operating system. Unfortunately, existing protected-module architectures are still limited in the security properties they can guarantee. This research proposal aims to address these limitations and to apply PMAs to significantly increase the protection of critical applications.

Date: 1 Oct 2016 → 30 Sep 2019
Keywords: Advanced Security Primitives, Protected-Module Architectures
Disciplines: Applied mathematics in specific fields