As society rushes to digitize sensitive information and services, it is imperative to adopt adequate security protections. However, such protections fundamentally conflict with the benefits we expect from commodity computers. Consumers and businesses value commodity computers because they provide good performance and an abundance of features at relatively low cost, but attempts to construct secure systems “from the ground up” have proven expensive, time-consuming, and unable to keep pace with the changing demands of the marketplace [2, 9, 12, 13]. For example, the VAX VMM security kernel was developed over the course of eight years of considerable effort, but in the end, the project failed, and the kernel was never deployed. This failure was due, in part, to the absence of support for Ethernet – a feature considered critical by the time the kernel was completed, but not anticipated when it was initially designed.