A Personal Computer for a Distrustful World

arXiv (2022)

Abstract
Personal computer owners often want to be able to run security-critical programs on the same machine as other untrusted and potentially malicious programs. While ostensibly trivial, this requires users to trust hardware and system software to correctly sandbox malicious programs, trust that is often misplaced. Our goal is to minimize the number and complexity of hardware and software components that a computer owner needs to trust to withstand adversarial inputs. We present a hardware design, called the split-trust machine model, which is composed of statically-partitioned, physically-isolated trust domains. We introduce a few simple, formally-verified hardware components to enable a program to gain provably exclusive and simultaneous access to both computation and I/O on a temporary basis. To manage this hardware, we present OctopOS, an OS composed of mutually distrustful subsystems. We present a prototype of this machine (hardware and OS) on a CPU-FPGA board and show that it incurs a small hardware cost compared to modern SoCs. For security-critical programs, we show that this machine significantly reduces the required trust compared to mainstream TEEs, and for normal programs, we show that it achieves similar performance as a legacy machine.