A Secure and Reliable Bootstrap Architecture

In a computer system the integrity of lower layers is treated as axiomatic by higher layers Under the pre sumption that the hardware comprising the machine the lowest layer is valid integrity of a layer can be guaranteed if and only if the integrity of the lower layers is checked and transitions to higher layers occur only after integrity checks on them are complete The resulting integrity chain inductively guarantees system integrity When these conditions are not met as they typi cally are not in the bootstrapping initialization of a computer system no integrity guarantees can be made Yet these guarantees are increasingly impor tant to diverse applications such as Internet com merce intrusion detection systems and active net works In this paper we describe the AEGIS ar chitecture for initializing a computer system It val idates integrity at each layer transition in the boot strap process AEGIS also includes a recovery process for integrity check failures and we show how this re sults in robust systems We discuss our prototype implementation for the IBM personal computer PC architecture and show that the cost of such system protection is surprisingly small