An Analysis of Secure Processor Architectures

Security continues to be an increasingly important concern in the design of modern systems. Many systems may have security requirements such as protecting the integrity and confidentiality of data and code stored in the system, ensuring integrity of computations, or preventing the execution of unauthorized code. Making security guarantees has become even harder with the emergence of hardware attacks where the attacker has physical access to the system and can bypass any software security mechanisms employed. To this end, researchers have proposed Secure Processor architectures that provide protection against hardware attacks using platform features. In this paper, we analyze three of the currently proposed secure uniprocessor designs in terms of their security, complexity of hardware required and performance overheads: eXecute Only Memory (XOM), Counter mode encryption and Merkle tree based authentication, and Address Independent Seed Encryption and Bonsai Merkle Tree based authentication. We then provide a discussion on the issues in securing multiprocessor systems and survey one design each for Shared Memory Multiprocessors and Distributed Shared Memory Multiprocessors. Finally, we discuss future directions in Secure Processor research which have largely been ignored forming the weakest link in the security afforded by the proposed schemes, namely, Secure booting and Secure configuration. We identify potential issues which can serve to form the foundation of further research in secure processors.

[1]  Abhishek Kumar Discovering passwords in the memory , 2003 .

[2]  Trevor N. Mudge,et al.  ChipLock: support for secure microarchitectures , 2005, CARN.

[3]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003 .

[4]  Andrew Huang The Trusted PC: Skin-Deep Security , 2002, Computer.

[5]  Intel ® Trusted Execution Technology ( Intel ® TXT ) , .

[6]  Hsien-Hsin S. Lee,et al.  Towards the issues in architectural support for protection of software execution , 2005, CARN.

[7]  Brian Rogers,et al.  Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly , 2007, 40th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 2007).

[8]  Brian Rogers,et al.  Efficient data protection for distributed shared memory multiprocessors , 2006, 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[9]  Brian Rogers,et al.  Making secure processors OS- and performance-friendly , 2009, TACO.

[10]  Hsien-Hsin S. Lee,et al.  Architectural support for high speed protection of memory integrity and confidentiality in multiprocessor systems , 2004, Proceedings. 13th International Conference on Parallel Architecture and Compilation Techniques, 2004. PACT 2004..

[11]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[12]  John Heasman Rootkits: Rootkit threats , 2006 .

[13]  Jun Yang,et al.  Fast secure processor for inhibiting software piracy and tampering , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[14]  J. Heasman Implementing and Detecting a PCI Rootkit , 2006 .

[15]  Andrew Bunnie Huang,et al.  Hacking the Xbox: An Introduction to Reverse Engineering , 2003 .

[16]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[17]  Marten van Dijk,et al.  Efficient memory integrity verification and encryption for secure processors , 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36..

[18]  Jean-Didier Legat,et al.  Enhancing security in the memory management unit , 1999, Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium.

[19]  Xiangyu Zhang,et al.  SENSS: security enhancement to symmetric shared memory multiprocessors , 2005, 11th International Symposium on High-Performance Computer Architecture.

[20]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[21]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[22]  B. Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, ISCA 2006.

[23]  Hsien-Hsin S. Lee,et al.  High efficiency counter mode security architecture via prediction and precomputation , 2005, 32nd International Symposium on Computer Architecture (ISCA'05).

[24]  Mark Horowitz,et al.  Specifying and verifying hardware for tamper-resistant software , 2003, 2003 Symposium on Security and Privacy, 2003..

[25]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).