SHIELDSTRAP: Making secure processors truly secure

Many systems may have security requirements such as protecting the privacy of data and code stored in the system, ensuring integrity of computations, or preventing the execution of unauthorized code. It is becoming increasingly difficult to ensure such protections as hardware-based attacks, in addition to software attacks, become more widespread and feasible. Many of these attacks target a system during booting before any employed security measures can take effect. In this paper, we propose SHIELDSTRAP, a security architecture capable of booting a system securely in the face of hardware and software attacks targeting the boot phase. SHIELDSTRAP bridges the gap between the vulnerable initialization of the system and the secure steady state execution environment provided by the secure processor. We present an analysis of the security of SHIELDSTRAP against several common boot time attacks. We also show that SHIELDSTRAP requires an on-chip area overhead of only 0.012% and incurs negligible boot time overhead of 0.37 seconds.

[1]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[2]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[3]  H.-H.S. Lee,et al.  Architectural support for high speed protection of memory integrity and confidentiality in multiprocessor systems , 2004, Proceedings. 13th International Conference on Parallel Architecture and Compilation Techniques, 2004. PACT 2004..

[4]  J. Heasman Implementing and Detecting a PCI Rootkit , 2006 .

[5]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[6]  Hsien-Hsin S. Lee,et al.  Towards the issues in architectural support for protection of software execution , 2005, CARN.

[7]  Dirk Fox,et al.  Digital Signature Standard (DSS) , 2001, Datenschutz und Datensicherheit.

[8]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003, ICS.

[9]  Brian Rogers,et al.  Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[10]  Hsien-Hsin S. Lee,et al.  High efficiency counter mode security architecture via prediction and precomputation , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[11]  Trevor N. Mudge,et al.  ChipLock: support for secure microarchitectures , 2005, CARN.

[12]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[13]  Marten van Dijk,et al.  Efficient memory integrity verification and encryption for secure processors , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[14]  William A. Arbaugh,et al.  Personal Secure Booting , 2001, ACISP.

[15]  Jan M. Rabaey,et al.  Digital Integrated Circuits: A Design Perspective , 1995 .

[16]  Jun Yang,et al.  Fast Secure Processor for Inhibiting Software Piracy and Tampering , 2003, MICRO.

[17]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[18]  Brian Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[19]  Carl Eklund,et al.  National Institute for Standards and Technology , 2009, Encyclopedia of Biometrics.

[20]  Jean-Didier Legat,et al.  Enhancing security in the memory management unit , 1999, Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium.

[21]  G. Edward Suh,et al.  Efficient Memory Integrity Verification and Encryption for Secure Processors , 2003, MICRO.

[22]  Mark Horowitz,et al.  Specifying and verifying hardware for tamper-resistant software , 2003, 2003 Symposium on Security and Privacy, 2003..

[23]  Markus G. Kuhn,et al.  Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP , 1998, IEEE Trans. Computers.

[24]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).