Summary: A Secure and Reliable Bootstrap Architecture
William A. Arbaugh
David J. Farber
Jonathan M. Smith
University of Pennsylvania
Distributed Systems Laboratory
Philadelphia, PA. 19104-6389
{waa, farber, jms}@dsl.cis.upenn.edu
Abstract
In a computer system, the integrity of lower layers is typically treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked, and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity "chain" inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made. Yet, these guar-