Imagine being able to walk up to a public computer, access your personal e-mail, manipulate the balances in your bank accounts and work on sensitive business documents, all while knowing your data would be kept secure. This simply isn't possible today. Though trusted computing systems have attempted to bridge the gap, none of these systems have turned out to be the solution to our security problems. We're working towards a new and different type of trusted computing platform which will bring us substantially closer to this reality.
We're working to develop an experimental framework called LockBox to answer important questions in trust, memory protection and security. This system provides a series of hardware features which embed security into the hardware in a way that's unprecedented. We are working to show that our framework can provide fundamental and important security features while being implementable without great cost, hardware or performance overhead.
Our research works to enable hardware to keep secrets. Our platform does not mandate code signing or a trusted software stack and is controlled directly by the user. While this makes our platform unsuitable for some applications, such as digital rights management, it provides end-users with a trusted platform they can actually trust. Instead of the typical approach taken by trusted computing platforms, we don't try to keep secrets from the user; we work with the user to enable them to establish trusted applications and secure channels, and to keep their secret information safe even from a compromise of their operating system or hypervisor.