Results 1 - 4 of 4
A Secure and Reliable Bootstrap Architecture
- In Proceedings of the 1997 IEEE Symposium on Security and Privacy, 1997
Cited by 209 (15 self)
Abstract:
In a computer system, the integrity of lower layers is treated as axiomatic by higher layers. Under the presumption that the hardware comprising the machine (the lowest layer) is valid, integrity of a layer can be guaranteed if and only if: (1) the integrity of the lower layers is checked, and (2) transitions to higher layers occur only after integrity checks on them are complete. The resulting integrity "chain" inductively guarantees system integrity. When these conditions are not met, as they typically are not in the bootstrapping (initialization) of a computer system, no integrity guarantees can be made. Yet, these guarantees are increasingly important to diverse applications such as Internet commerce, intrusion detection systems, and "active networks." In this paper, we describe the AEGIS architecture for initializing a computer system. It validates integrity at each layer transition in the bootstrap process. AEGIS also includes a recovery process for integrity check failures, and...
A Secure Active Network Environment Architecture -- Realization in SwitchWare
- IEEE NETWORK
Cited by 55 (20 self)
Abstract:
Active Networks is a network infrastructure which is programmable on a per-user or even per-packet basis. Increasing the flexibility of such network infrastructures invites new security risks. Coping with these security risks represents the most fundamental contribution of Active Network research. The security concerns can be divided into those which affect the network as a whole and those which affect individual elements. It is clear that the element problems must be solved first, as the integrity of network-level solutions will be based on trust of the network elements. In this
Automated Recovery in a Secure Bootstrap Process
- 1998
Cited by 24 (10 self)
Abstract:
Integrity is rarely a valid presupposition in many systems architectures, yet it is necessary to make any security guarantees. To address this problem, we have designed a secure bootstrap process, AEGIS, which presumes a minimal amount of integrity, and which we have prototyped on the Intel x86 architecture. The basic principle is sequencing the bootstrap process as a chain of progressively higher levels of abstraction, and requiring each layer to check a digital signature of the next layer before control is passed to it. A major design decision is the consequence of a failed integrity check. A simplistic strategy is to simply halt the bootstrap process. However, as we show in this paper, the AEGIS bootstrap process can be augmented with automated recovery procedures which preserve the security properties of AEGIS under the additional assumption of the availability of a trusted repository. We describe two means by which such a repository can be implemented, and focus our attention on a network-accessible repository.
Chaining Layered Integrity Checks
- UNIVERSITY OF PENNSYLVANIA, 1999
Cited by 8 (1 self)
Abstract:
No work the size of this dissertation is done in isolation, and I would like to thank the people who worked with and supported me over the last four years. Harold F. Bower has worked with me on numerous occasions. He found and added the entry points in the BIOS source to call AEGIS. He also served as a sounding board for me in the design of AEGIS, and the AEGIS interrupt service routine (ISR). Hal and I also worked together on a precursor of AEGIS, the Security Enhanced Processor (SEP). The problems encountered with the SEP project led to AEGIS. Hal is also responsible for RATBAG which is described in Chapter 3. Angelos Keromytis and I jointly designed the protocol used with the AEGIS network recovery and DHCP++. Angelos also served as the ideal person to discuss ideas. He is never shy about telling someone that their idea is nuts. Scott Alexander, Angelos, and I worked together on the design of SANE, Section 7.1. Scott's contributions are "above the OS", and mine are "below the OS". Angelos worked with both Scott and myself, and developed the naming and threat models. Ralph Droms et al. developed the DHCP authentication scheme described in Section 7.2. I developed the delayed aspect of the authentication mechanism along with the threat model.

