@conference { ,
	title = {Scalable Architectural Support for Trusted Software},
	year = {2010},
	note = {Nominated for Best Paper Award.},
	month = {Jan 9-14 2010},
	address = {Bangalore, India},
	abstract = {We present Bastion, a new hardware-software 
architecture for protecting security-critical software 
modules in an untrusted software stack. Our 
architecture is composed of enhanced microprocessor 
hardware and enhanced hypervisor software. Each 
trusted software module is provided with a secure, 
fine-grained memory compartment and its own secure 
persistent storage area. Bastion is the first architecture 
to provide direct hardware protection of the 
hypervisor from both software and physical attacks, 
before employing the hypervisor to provide the same 
protection to security-critical OS and application 
modules. Our implementation demonstrates the 
feasibility of bypassing an untrusted commodity OS to 
provide application security and shows better security 
with higher performance when compared to the 
Trusted Platform Module (TPM), the current industry 
state-of-the-art security chip. We provide a proof-of-
concept implementation on the OpenSPARC platform. },
	author = {David Champagne and Ruby B. Lee}
}