IntroductionNewsUse CasesTechnologyAssurancePublicationsRelated WorkContact
HardwareOverviewHypervisorTrusted SoftwareVirtualization
Technical Overview

The PERSEUS framework for trustworthy computing consists of a three-layered security kernel and an application layer as illustrated by the following figure:

Figure 1: The PERSEUS architecture consisting of a three-layered trusted computing base (TCB) below an application layer.

Hardware Layer: The hardware layer contains of conventional hardware like a CPU, memory, and hardware devices. Moreover, the hardware layer provides trusted computing technology, e.g., a TPM. For more information, see section Hardware Layer.

Resource Management Layer: The main task of the resource management layer is the provision of an abstract interface of the underlying hardware resources like interrupts, memory and hardware devices. Moreover, this layer allows to share these resources and realizes access control enforcement on the known object types. For more information, see section Hypervisor Layer.

Trusted Software Layer: By efficiently combining the services provided by the hardware layer and the hypervisor layer, the trusted software layer (TSL) extends the interfaces of the underlying services by security properties and ensures isolation of the applications executed on top of this layer. Examples of security-services are a secure user unterface (trusted GUI, trusted path), secure booting, and mutually trusted storage. For more information, see section Trusted Software.

Application Layer: On top of the trusted software layer, security-critical and non-critical applications are executed in parallel. Legacy operating systems can be executed as isolated applications on to provide end-users a common user interface and a backward-compatible application binary interface (ABI) to reuse standard applications. Moreover, to keep the security kernel as small as possible, the legacy operating systems can be user to realize uncritical operating system services. For more information about the execution of legacy operating systems, have a look at the Virtualization section. More security-critical PERSEUS applications are discussed in section Use Cases.