AEGIS: architecture for tamper-evident and tamper-resistant processing

We describe the architecture for a single-chip AEGIS processor which can be used to build computing systems secure against both physical and software attacks. Our architecture assumes that all components external to the processor, such as memory, are untrusted. We show two different implementations. In the first case, the core functionality of the operating system is trusted and implemented in a security kernel. We also describe a variant implementation assuming an untrusted operating system. AEGIS provides users with tamper-evident, authenticated environments in which any physical or software tampering by an adversary is guaranteed to be detected, and private and authenticated tamper-resistant environments where additionally the adversary is unable to obtain any information about software or data by tampering with, or otherwise observing, system operation. AEGIS enables many applications, such as commercial grid computing, secure mobile agents, software licensing, and digital rights management. Preliminary simulation results indicate that the overhead of security mechanisms in AEGIS is reasonable.
