Site Contents
Projects - Architecture


AEGIS: Architectural EnGines for Information Security (AEGIS Publications)

As computing devices becoming pervasive, greater responsibilities are being placed on them, and physical attacks on disseminated, unsupervised devices are an increasing risk that have to be dealt with. AEGIS provides a systematic approach to layering hardware or software security functionality over a broad variety of computing systems, ranging from desktop computers to embedded processors, from set-top boxes to smartcards. Unlike most system security efforts, AEGIS enables the design of systems that are secure against both physical and software attacks. AEGIS solves the following problems:

1. Tamper-Evident Environments: Create authenticated environments within a computing system such that any physical or software tampering by the adversary is guaranteed to be detected.

2. Private Tamper-Resistant Environments: Create private and authenticated environments where additionally the adversary is unable to obtain any information about software or data by tampering with, or otherwise observing, system operation. Software, data or media can be copy-protected in a cryptographically-secure manner in these environments.

AEGIS is concerned with ensuring privacy and integrity of software and data, and does not address the problems posed by denial-of-service attacks, or attacks which completely destroy the computing system.

AEGIS enables several applications. The tamper-evident and tamper-resistant environments provided by AEGIS can enable commercial grid computing on multitasking server farms, where computation power can be sold with the guarantee of a compute environment that processes data correctly and privately. Private tamper-resistant environments enable applications where a computer is used as a trusted third party. Software and media content in portable and desktop systems can be copy-protected in a manner that is resistant to software and/or physical attacks.

The AEGIS platform has four innovative mechanisms, which when woven together enable many applications including those described above. This platform allows a system designer to choose an appropriate hardware/software partitioning and implementation for her system, while providing security guarantees.

1. Physical Random Function: A tamper-resistant way of sharing a secret with a hardware device.

2. Certified Execution: System architectures that can guarantee that a particular computation was carried out correctly on an attested computing system, and authentication algorithms for untrusted components such as I/O peripherals and (remote) memory.

3. Secure Virtual Machine: Provide each user of the system with a virtual machine where each process is cryptographically protected from all other processes, including the operating system, while being able to use all resources and capabilities of the machine, including communicating with remote applications, and utilizing untrusted devices.

4. Integrity Verification: Algorithms to check the integrity of untrusted components such as memory, disk and other peripherals.

We will focus on designing and prototyping three systems using the AEGIS platform that will pose different challenges, and require differing levels of security for various forms of physical and software attacks, namely a secure smartcard, a secure set-top box, and a secure, time-shared, general-purpose processor. The hardware components will be first built on FPGAs and then on custom silicon.


Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology
32 Vassar Street, 32-G846
Cambridge, MA 02139
v: 617.253.6837, f: 617.253.6652

Copyright © 2003 by Massachusetts Institute of Technology. All rights reserved.