CPU Support for Secure Executables

  • Conference paper
Trust and Trustworthy Computing (Trust 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6740)

Abstract

Vulnerabilities in complex software are a major threat to the security of today’s computer systems, with the alarming prevalence of malware and rootkits making it difficult to guarantee security in a networked environment. Due to the widespread application of information technology to all aspects of society, these vulnerabilities threaten virtually all aspects of modern life.

To protect software and data against these threats, we describe simple extensions to the Power Architecture for running Secure Executables. By using a combination of cryptographic techniques and context labeling in the CPU, these Secure Executables are protected on disk, in memory, and through all stages of execution against malicious or compromised software, and other hardware. Moreover, we show that this can be done efficiently, without significant performance penalty. Secure Executables can run simultaneously with unprotected executables; existing applications can be transformed directly into Secure Executables without changes to the source code.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Williams, P., Boivie, R. (2011). CPU Support for Secure Executables. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_13

  • DOI: https://doi.org/10.1007/978-3-642-21599-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21598-8

  • Online ISBN: 978-3-642-21599-5

  • eBook Packages: Computer Science, Computer Science (R0)
