Modern computer security requires bug-free code at every layer of the software stack. But in a world where operating systems and hypervisors are increasingly buggy, it can be dangerous to assume these components are trustworthy. LockBox provides an additional layer of security such that if the operating system or other system management software fails, certain portions of the system remain resistant to attack. LockBox embeds a set of security features into the architecture to provide a form of memory protection that enables correctly coded applications to resist attack even if underlying portions of the software stack become malicious or are otherwise compromised.
A nesting hypervisor is used to prototype the hardware modifications. Ultimately, the security features can be implemented either as a series of small hardware modifications or as a nesting hypervisor. In the former case, the hypervisor is unnecessary and the user will gain performance benefits. In the latter, users will not need to wait for new hardware to benefit from LockBox's security features.
LockBox provides the user with final authority to set security policy on the machine. It is a rights-preserving architecture in which the user's capabilities cannot be restricted. This is critical to alleviating fears that hardware security systems could one day restrict a user's capability to control their own hardware.
In summary, LockBox creates a next-generation trustworthy computing environment that users can rely on to keep data safe against malicious management software.