Trust as a Programming Primitive

Programming has changed; programming languages have not.Modern software embraced reusable software components, i.e., public libraries, and runs in the cloud, on machines that co-locate applications from various origins.This new programming paradigm leads to an unsafe world in which compromising a single public library or cloud server can potentially grant an attacker access to tens or hundreds of applications sensitive data.Meanwhile, programming languages failed to provide the mechanisms to address the insecurity and fragility inherent to modern software: (1) programs run in a single trust domain, thereby granting unverified public library code access to their sensitive information and (2) the underlying operating system or hypervisor is able to access any of the program's sensitive information. In my thesis, I will present two programming abstractions and mechanisms that can help address these challenges.The first is secured routines, which protect user code & data from untrusted and potentially privileged code.The second is enclosures, a programming abstraction that splits a program into isolated trust domains, allowing safe execution of unverified public libraries.Finally, I propose a secured execution environment in software to quickly prototype and evolve new isolation primitives, without requiring specialized hardware.This research highlights the need for new software and hardware mechanisms to provide fine-grained (within an address space) isolation so that programs can be safely constructed from untrusted pieces of code and run in untrusted environments.