Abstract
Security continues to be an increasingly important concern in the design of modern systems. Many systems have security requirements such as protecting the integrity and confidentiality of the data and code stored in the system, ensuring the integrity of computations, or preventing the execution of unauthorized code. Making security guarantees has become even harder with the emergence of hardware attacks, in which the attacker has physical access to the system and can bypass any software security mechanism employed. To this end, researchers have proposed Secure Processor architectures that use platform features to provide protection against hardware attacks. In this paper, we analyze three of the currently proposed secure uniprocessor designs in terms of their security, the complexity of the hardware required, and their performance overheads: eXecute Only Memory (XOM); Counter mode encryption with Merkle tree based authentication; and Address Independent Seed Encryption with Bonsai Merkle Tree based authentication. We then discuss the issues in securing multiprocessor systems and survey one design each for Shared Memory Multiprocessors and Distributed Shared Memory Multiprocessors. Finally, we discuss two directions in Secure Processor research that have largely been ignored and therefore form the weakest link in the security afforded by the proposed schemes: Secure booting and Secure configuration. We identify potential issues in these areas that can serve as the foundation for further research in secure processors.
© 2010 Springer-Verlag Berlin Heidelberg
Chhabra, S., Solihin, Y., Lal, R., Hoekstra, M. (2010). An Analysis of Secure Processor Architectures. In: Gavrilova, M.L., Tan, C.J.K. (eds) Transactions on Computational Science VII. Lecture Notes in Computer Science, vol 5890. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11389-5_6
DOI: https://doi.org/10.1007/978-3-642-11389-5_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11388-8
Online ISBN: 978-3-642-11389-5