Described in this paper is a trusted computer environment for PCs that are connected to the Internet, or that receive input from unknown sources.
The proposed architecture for this secure environment requires additional registers on the central processing unit (CPU), and changes in firmware (and probably in software) to handle one or more security bits. These bits indicate the security level of all registers, memory, and hard disks. The architecture also requires special equipment to assign security codes (whose range depends on the number of security bits used) to input and output ports. Data and executables are assigned a security level based on the input port through which they enter the PC. That security code is then used to determine whether code can be run in, or data manipulated in, certain registers. If the executable or data has a lower security code than the register it targets, an interrupt occurs.
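As an added illustration of the port-tagging and register check described above (a constructed model written for this review, not code from the paper; the port names, the three-level code scheme, and all function and class names are assumptions):

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional

class Level(IntEnum):
    """Security code carried by the security bits (constructed 2-bit scheme)."""
    UNTRUSTED = 0   # assumed: data arriving from the Internet-facing port
    LOCAL = 1       # assumed: local removable media
    TRUSTED = 2     # assumed: local keyboard / vendor-provisioned input

# Constructed mapping from input port to the code assigned at ingress.
PORT_LEVELS = {"ethernet": Level.UNTRUSTED, "usb": Level.LOCAL, "keyboard": Level.TRUSTED}

class SecurityInterrupt(Exception):
    """Models the interrupt raised when tagged code/data is too low for its target."""

@dataclass
class Tagged:
    payload: bytes
    level: Level

@dataclass
class Register:
    name: str
    level: Level
    value: Optional[Tagged] = None

def ingest(port: str, payload: bytes) -> Tagged:
    """Tag input with the level of the port it entered on; unknown ports are UNTRUSTED."""
    return Tagged(payload, PORT_LEVELS.get(port, Level.UNTRUSTED))

def load(reg: Register, item: Tagged) -> None:
    """The check: a lower-coded item moved into a higher-coded register interrupts."""
    if item.level < reg.level:
        raise SecurityInterrupt(f"{item.level.name} data into {reg.name} ({reg.level.name})")
    reg.value = item

def execute(reg: Register, code: Tagged) -> str:
    """Code may run in a register only if it carries at least that register's level."""
    load(reg, code)
    return f"ran {len(code.payload)} bytes at {reg.level.name}"

def demo() -> List[str]:
    """Run three constructed transfers and report which were allowed or interrupted."""
    privileged = Register("r_priv", Level.TRUSTED)
    scratch = Register("r_scratch", Level.UNTRUSTED)
    results = []
    for port, target in (("keyboard", privileged), ("ethernet", scratch), ("ethernet", privileged)):
        try:
            results.append(execute(target, ingest(port, b"\x90\x90")))
        except SecurityInterrupt as exc:
            results.append(f"interrupt: {exc}")
    return results
```

The third transfer is the case the review questions: Internet-sourced code never reaches a register tagged above its own port level, so under this rule such a download cannot execute there.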
I could not determine from this paper if the architecture would ever let any code or data downloaded from the Internet run to completion. The authors mention that many downloads are safe to use, but there is presently no way of differentiating between trusted and untrusted sources. Even untrusted sources may provide safe executables and data.
This paper is incomplete. The proposed architecture is expensive (contrary to the authors' assertion), and requires a redesign of many PC components. The architecture will remain impractical until a detailed implementation plan, including security policies, is created. Even then, it may not be cost-effective.