Outpost: Creating Secure Execution Environments Without Secure Hardware


June 20, 2014


Arvind Seshadri




In this talk I present Outpost, a software-based primitive for attestable establishment of a root-of-trust-for-computing. Outpost creates an execution environment that guarantees untampered code execution even when the entire software stack of system (including the BIOS) is compromised, without requiring secure hardware support.

In contrast to Pioneer (our earlier work on the problem), which uses an adhoc attack-defense design strategy specific to the x86 architecture, Outpost uses a design strategy based on an architecture-portable hardware operational model. We use the insights obtained from a deep understanding of hardware architecture and operation across platforms to define the operational model. This design strategy ensures that Outpost is architecture-portable, is not vulnerable to any of the low-level attacks that Pioneer is vulnerable to, has a 15x higher attacker time overhead, and is amenable to formal reasoning about its security.

I conclude by sharing some thoughts on the important systems security problems in the era of cloud and mobile. I will also discuss how intelligently-defined hardware operational models in combination with creative retrofitting of the design and implementation of commodity systems might enable us to build commodity systems which are amenable to formal reasoning about their security properties.


Arvind Seshadri

Arvind Seshadri is a Research Staff Member in IBM’s India Research Lab. He obtained a Ph.D. from Carnegie Mellon University specializing in systems security. His research interest lies in the area of principled retrofitting commodity systems to satisfy security properties. His work has been published in top security and systems conferences including ASPLOS, IEEE S&P, and SOSP.