Nexus Overview

The Nexus is a new operating system for trustworthy computing. The primary capability it offers is to provide assurance about the future behavior of applications. Unlike traditional operating systems, the Nexus can issue trustworthy, verifiable, unforgeable certificates that attest that an application will or will not take a certain action in the future. This novel ability can serve as the basis for a new kind of system security.

For instance, the Nexus can provide assurance that a particular data item can only be viewed under a set of user-prescribed circumstances (e.g. "between the hours of 9 and 5, by a designee of the data owner"). It can ensure that a picture, though cropped and modified to adjust its color balance, has not been altered to change its contents. It can guarantee that a body of text will be used in accordance with a use policy. It can provide credentials about how data was generated (e.g. "this email message was typed on the keyboard and is therefore not spam"). It can securely execute user-provided functions against a secret database without revealing the contents of that database (e.g. "this network is guaranteed to have k redundant failover links, even though we will not reveal the actual network topology").

The technical foundations backing these enhanced capabilities are two-fold: