Mechanisms

To flexibly and efficiently enforce a wide range of security policies and abstractions, we co-design hardware-rooted mechanisms across the stack. These mechanisms exploit now-inexpensive silicon resources and work together with the system software to enforce foundational security policies and OS/programming-language abstractions without compromising performance and without discarding the software and systems that exist today. They are expressive and flexible enough to support new policy innovations, so the system can adapt to new threats and lessons learned, and to support system tuning and optimization. Our cross-stack co-design solves each problem at the right level of the system for a given technology and set of system goals, while leaving no seams or weaknesses between layers that would undermine enforcement.

  • Why can’t we isolate and keep secrets?
  • Why must we have only one secure compartment?
  • Why can’t we enforce common programming abstractions and safety policies?
  • Why must we wait years from vulnerability exploit to hardware defense?

Conventional hardware mechanisms (e.g., virtual memory, virtual machines) are heavy-weight, making fine-grained isolation and complete mediation too expensive.

  • What can we put in place that guards every instruction and helps the system understand every word of memory?
  • How do we provide mechanisms that are general enough they can address the wide range of security needs?
  • How can we make these mechanisms inexpensive?

Our mechanisms allow us to represent information about the software and its intended use and to carry that information through the system lifetime, including execution. This allows the system to know what it is supposed to do, so it can prevent misuse. The hardware-rooted mechanisms validate the use of information continuously and completely without slowing down computation.