An Operating System Design for the Security Architecture for Microprocessors

SAM is a processor extension that protects the execution of dedicated programs by preventing data disclosure and program manipulation in a multitasking environment. This paper presents an operating system design for SAM based on the Linux kernel. The design splits the kernel into a very small protected part and an unprotected part used by drivers and high-level functions. With this kernel, protected and unprotected programs can be executed in parallel without diminishing the protection. The protection mechanism does not slow down the execution of unprotected programs, since it is active only while protected programs are executing.
