Abstract
Vulnerabilities in complex software are a major threat to the security of today’s computer systems, with the alarming prevalence of malware and rootkits making it difficult to guarantee security in a networked environment. Due to the widespread application of information technology to all aspects of society, these vulnerabilities threaten virtually all aspects of modern life.
To protect software and data against these threats, we describe simple extensions to the Power Architecture for running Secure Executables. By using a combination of cryptographic techniques and context labeling in the CPU, these Secure Executables are protected on disk, in memory, and through all stages of execution against malicious or compromised software, and other hardware. Moreover, we show that this can be done efficiently, without significant performance penalty. Secure Executables can run simultaneously with unprotected executables; existing applications can be transformed directly into Secure Executables without changes to the source code.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
IBM 4764 PCI-X Cryptographic Coprocessor (PCIXCC) (2006), http://www-03.ibm.com/security/cryptocards/pcixcc/overview.shtml
Bates, D.: Eight million people at risk of ID fraud after credit card details are stolen by hotel chain hackers. (UK) Daily Mail (August 25, 2008)
Blakely, R., Richards, J., Rossiter, J., Beeston, R.: Britain’s MI5: Chinese cyberattacks target top companies. The Times of London (December 3, 2007)
Chen, X., Garfinkel, T., Lewis, E.C., Subrahmanyam, P., Waldspurger, C.A., Boneh, D., Dwoskin, J., Ports, D.R.K.: Overshadow: A virtualization-based approach to retrofitting protection in commodity operating systems. In: Proc. of the 13th Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS (2008)
Dwoskin, J.S., Lee, R.B.: Hardware-rooted trust for secure key management and transient trust. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 389–400. ACM, New York (2007)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on Oblivious RAM. Journal of the ACM 43(3), 431–473 (1996)
Gschwind, M., Hofstee, H.P., Flachs, B., Hopkins, M., Watanabe, Y., Yamazaki, T.: Synergistic processing in cell’s multicore architecture. IEEE Micro. 26, 10–24 (2006)
Harkavy, J.: Illicit software blamed for massive data breach: Unauthorized computer programs, secretly installed on servers in Hannaford Brothers supermarkets compromised up to 4.2 million debit and credit cards. AP (March 28, 2008)
Lee, R.B., Kwan, P.C.S., McGregor, J.P., Dwoskin, J., Wang, Z.: Architecture for protecting critical secrets in microprocessors. In: Proceedings of the 32nd Annual International Symposium on Computer Architecture, ISCA 2005, pp. 2–13. IEEE Computer Society, Washington, DC (2005)
Lie, D.J.: Architectural support for copy and tamper-resistant software. PhD thesis, Stanford, CA, USA. Adviser-Horowitz, Mark (2004)
McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proceedings of the ACM European Conference on Computer Systems(EUROSYS) (2008)
Stempel, J.: Bank of NY Mellon data breach now affects 12.5 million. Reuters (August 28, 2008)
Edward Suh, G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Aegis: Architecture for tamper-evident and tamper-resistant processing, pp. 160–171. ACM Press, New York (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Williams, P., Boivie, R. (2011). CPU Support for Secure Executables. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, AR., Sasse, A., Beres, Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21599-5_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-21599-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21598-8
Online ISBN: 978-3-642-21599-5
eBook Packages: Computer ScienceComputer Science (R0)