Prototyping and Evaluating the TrustGuard Architecture

Hu, XuLing [Browse]
Senior thesis
68 pages


August, David [Browse]
Wentzlaff, David [Browse]
Princeton University. Department of Electrical Engineering [Browse]
Class year
Summary note
With increasing amounts of sensitive information being stored electronically, the consequences of data privacy leaks can be devastating. The complexity of modern computers makes it almost impossible for vendors and developers to guarantee to users that their data is safe in their devices. TrustGuard–a pluggable architecture proposed by the Liberty Research Group– recognizes this reality and protects users’ sensitive data from leaking to the outside world, even when the device is compromised. The core of trust in TrustGuard is a simple, separately manufactured hardware element called the Sentry, which guarantees external communication of only data originating from the correct execution of approved software. This work makes the following two contributions to the TrustGuard ecosystem: (1) To enable the evaluation of the capabilities of TrustGuard on a modern processor supporting a full-fledged software stack, this thesis presents a TrustGuard implementation on the Rocket Chip, a RISC-V based processor. (2) To reduce the bandwidth requirements of TrustGuard, this thesis presents a separate instruction scheduler that offers insight into various strategies that could govern the communication between the untrusted system and the Sentry.

Supplementary Information