Flicker is a technique leveraging new features of CPUs
from AMD and Intel, including support for dynamic root
of trust, to execute application-specific code with an
extremely small TCB, while maintaining compatibility
with a legacy operating system.
Minimal TCB Code Execution
We propose an architecture that allows a Piece of
Application Logic (PAL) to execute in complete isolation
from other software while trusting only a tiny software
base that is orders of magnitude smaller than even
minimalist virtual machine monitors. Our technique also
enables more meaningful attestation than previous
proposals, since only measurements of the
security-sensitive portions of an application need to be
included. We achieve these guarantees by leveraging
hardware support provided by commodity processors from AMD
and Intel that are shipping today.
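A verifier-side sketch of the attestation point above, added here as an illustration and not Flicker's own code: the expected register value depends only on the launched PAL image and the events extended after it, never on the legacy operating system. Assumptions not stated on this page: TPM v1.2 extend semantics with SHA-1, a dynamic PCR that the launch resets to all zeros and that reads all ones when no launch has occurred, the optional `events` list, and every function name and sample value.

```python
import hashlib
import hmac

PCR_LEN = 20                           # a TPM v1.2 PCR holds one SHA-1 digest
PCR_AFTER_LAUNCH = bytes(PCR_LEN)      # assumption: launch resets the dynamic PCR to zeros
PCR_AFTER_REBOOT = b"\xff" * PCR_LEN   # assumption: dynamic PCR value when no launch occurred


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM v1.2 extend operation: new PCR = SHA-1(old PCR || digest)."""
    if len(pcr) != PCR_LEN or len(digest) != PCR_LEN:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def expected_pcr(pal_image: bytes, events=(), start=PCR_AFTER_LAUNCH) -> bytes:
    """PCR value the verifier expects: the launched image first, then each later event."""
    pcr = extend(start, hashlib.sha1(pal_image).digest())
    for event in events:
        pcr = extend(pcr, hashlib.sha1(event).digest())
    return pcr


def verify(quoted_pcr: bytes, known_good_pal: bytes, events=()) -> bool:
    """Compare a PCR value taken from an already signature-checked quote to the expected one."""
    return hmac.compare_digest(quoted_pcr, expected_pcr(known_good_pal, events))


# Constructed sample data, not real PAL binaries or TPM output.
GOOD_PAL = b"\x90" * 64 + b"constructed PAL image"
PATCHED_PAL = GOOD_PAL[:-1] + b"!"
INPUTS = [b"constructed PAL input"]

if __name__ == "__main__":
    cases = {
        "good PAL, dynamic launch": expected_pcr(GOOD_PAL, INPUTS),
        "patched PAL, dynamic launch": expected_pcr(PATCHED_PAL, INPUTS),
        "good PAL hashed without a launch": expected_pcr(GOOD_PAL, INPUTS, PCR_AFTER_REBOOT),
    }
    for name, pcr in cases.items():
        print(f"{name:34} {pcr.hex()} accepted={verify(pcr, GOOD_PAL, INPUTS)}")
```

Checking the TPM's signature over the quote is a separate step that this sketch leaves out.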
Prerequisites
To use Flicker, a PC platform supporting _skinit_ is
needed. The platform requires a processor supporting the
_skinit_ instruction, a v1.2
TPM, and a chipset which provides memory protection
for the Flicker code. The _skinit_ instruction is
available with newer AMD64
processors.
Frequently Asked Questions (FAQ)
- Q: Will Flicker run on my machine?
If it meets the Prerequisites above, Flicker _should_ run. However,
I have only tested it on the 3 machines that I have. The kmod
included with this version has only been tested with Linux kernel
2.6.24.
- Q: I don't have a Flicker-capable
machine. Can I still develop a Flicker module?
Yes, AMD's SimNow supports the _skinit_ instruction. However, there
will be no TPM support included. In fact, we have encountered
machines in the wild that will execute _skinit_ but do not include a
TPM. These can be useful for developing application-specific
functionality without requiring a reboot during a debug cycle.
- Q: I want to buy a machine to run
Flicker. What should I buy?
The machine we use the most is an HP dc5750.
- Q: Is Flicker bug-free?
Certainly not in this version. However, its extremely small size
suggests that a bug-free implementation may be attainable by buggy
human beings. :) Known problems include excessive I/O permissions for
ring 3 PAL code and excessive memory access by PAL segment
descriptors, due to the need to access the TPM from ring 3 without
system calls.
Revision History
- 2008.04.15. Initial public
release of Version 0.1. Contains Flicker
kernel module, barebones PAL with 250-line
TCB, and "Hello, world" PAL with debug
code. Please send email to Jonathan McCune
to request the code.
Papers
- McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. "Minimal TCB Code Execution (Extended Abstract)." In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, May 2007. [PDF]
- McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Arvind Seshadri. "How Low Can You Go? Recommendations for Hardware-Supported Minimal TCB Code Execution." In Proceedings of the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'08), Seattle, Washington, March 1 - 5, 2008. [PDF]
- McCune, Jonathan M., Bryan Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki. "Flicker: An Execution Infrastructure for TCB Minimization." In Proceedings of the ACM European Conference on Computer Systems (EuroSys'08), Glasgow, Scotland, March 31 - April 4, 2008. [PDF]
Presentation Slides
- IEEE S&P 2007 [PPT]
- ASPLOS 2008 [PPT]
- EuroSys 2008 [PPT]
- Extended version [PPT]
Source Code
- Version 0.1 [please email Jon]