Full Software Stack Must be Protected for Security

Modern systems are built of layers of software operating on top of the hardware.  From low layers such as microcode and firmware through hypervisors and operating systems, to application frameworks and to the application itself.  Each layer of software depends on the layer below to provide needed functionality.  Therefore, each layer of software must trust the layer below it to provide the correct functionality operating in the expected manner to provide correct operation of the overall system.  If each software layer is trusted to provide the expected behavior, then the entire system should also provide the expected behavior and be trusted.  This dependency on the layer below should also be taken to mean that the layer above cannot corrupt the layer below.  If the layer above becomes corrupted or compromised in some manner then the layer below is not affected by this adverse behavior other than that the lower layer may be used in a manner that is different than expected.  Primarily, correct behavior means that the provided functionality will do what it says it will, and only what it says it will.  For simple functions, like math operations such as sin(x), this behavior is very well defined.  The function sin(x) will return the mathematical value of sine for whatever value is passed in as the argument.  In principle, all functions should be as well defined as math functions, so that uncertainties of outcomes are not allowed and assertions of guarantees of operation can be made for them.  A higher layer of software relies on the aggregate of all the lower software layer functions,and only on this aggregate of lower level functionality, to fulfill it operations.  Therefore, if all the lower level functions can be trusted to operate as expected then so should the higher layer functionality be trusted.

Leave a Reply