Publications

The processor of a drone runs essential functions of sensing, communications, coordination, and control. This is the conventional view. But in today's cyber environment, the processor must also provide security to assure mission completion. We have been developing a secure processing architecture for mission assurance. A study on state-of-the-art secure processing technologies has revealed that no one-size-fits-all solution can fully meet our requirements. In fact, we have concluded that the provision of a secure processor as a mission assurance foundation must be holistic and should be approached from a systems perspective. We have thus applied a systems analysis approach to create a secure base for the system. This paper describes our journey of adapting and synergizing various secure processing technologies into a baseline asymmetric multicore processing architecture. We will also describe a functional and security co-design environment, created to customize and optimize the architecture in a design space consisting of hardware, software, performance, and assurance.

Bolted is a new architecture for a bare metal cloud with the goal of providing security-sensitive customers of a cloud the same level of security and control that they can obtain in their own private data centers. It allows tenants to elastically allocate secure resources within a cloud while being protected from other previous, current, and future tenants of the cloud. The provisioning of a new server to a tenant isolates a bare metal server, only allowing it to communicate with other tenant's servers once its critical firmware and software have been attested to the tenant. Tenants, rather than the provider, control the tradeoffs between security, price, and performance. A prototype demonstrates scalable end-to-end security with small overhead compared to a less secure alternative.