TrustGraph: Trusted graphics subsystem for high assurance systems

Hamed Okhravi, David M. Nicol

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


High assurance MILS and MLS systems require strict limitation of the interactions between different security compartments based on a security policy. Virtualization can be used to provide a high degree of separation in such systems. Even with perfect isolation, however, the I/O devices are shared between different security compartments. Among the I/O controllers, the graphics subsystem is the largest and the most complex. This paper describes the design and implementation of TrustGraph, a trusted graphics subsystem for high assurance systems. First, we explain the threats and attacks possible against an unsecured graphics subsystem. We then describe the design of TrustGraph, the security principles it is built upon, and its implementation. Finally, we verify our implementation through different levels of verification which include functionality testing for simple operations, attack testing for security mechanisms, and formal verification for the critical components of the implementation. An analysis of the graphics API covert channel attack is presented, its channel capacity is measured, and the capacity is reduced using the idea of fuzzy time.

Original language: English (US)
Title of host publication: 25th Annual Computer Conference Security Applications, ACSAC 2009
Number of pages: 12
State: Published - 2009
Event: 25th Annual Computer Conference Security Applications, ACSAC 2009 - Honolulu, HI, United States
Duration: Dec 7 2009 - Dec 11 2009

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527


Other: 25th Annual Computer Conference Security Applications, ACSAC 2009
Country/Territory: United States
City: Honolulu, HI


  • Covert channel analysis
  • Formal verification
  • Multi-level security
  • Trusted graphics
  • Virtualization

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

