Implementing an Untrusted Operating System on Trusted Hardware

  • Chandu Thekkath

19th ACM Symposium on Operating Systems Principles (SOSP)

Published by Association for Computing Machinery, Inc.


Recently, there has been considerable interest in providing “trusted computing platforms” using hardware — TCPA and Palladium being the most publicly visible examples. In this paper we discuss our experience with building such a platform using a traditional time-sharing operating system executing on XOM — a processor architecture that provides copy protection and tamper-resistance functions. In XOM, only the processor is trusted; main memory and the operating system are not trusted. Our operating system (XOMOS) manages hardware resources for applications that don’t trust it. This requires a division of responsibilities between the operating system and hardware that is unlike previous systems. We describe techniques for providing traditional operating system services in this context. Since an implementation of a XOM processor does not exist, we use SimOS to simulate the hardware. We modify IRIX 6.5, a commercially available operating system, to create XOMOS. We are then able to analyze the performance and implementation overheads of running an untrusted operating system on trusted hardware.