Implementing copy protection on software is a difficult problem that has resisted a satisfactory solution for many years. This paper proposes a set of features that allows a machine to execute XOM code: code where neither the instructions or the data are visible to entities outside the running process. To support XOM code we use a machine that supports internal compartments, where a process in one compartment cannot read data from another compartment. All data that leaves the machine is encrypted, since we assume secure compartments cannot be guaranteed by anything outside the machine. The design of this machine poses some interesting trade-offs between security, efficiency and flexibility. We explore some of the potential security issues as one pushes the machine to become more efficient and flexible. Our analysis indicates, while not cheap, it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.
Joint work with David Lie, Mark Horowitz, Dan Boneh, John Mitchell, Mark Mitchell and Patrick Lincoln