Rethinking Computers for Cybersecurity

Cyberattacks are growing at an alarming rate, even as our dependence on cyberspace transactions increases. Our software security solutions may no longer be sufficient. It is time to rethink computer design from the foundations. Can hardware security be enlisted to improve cybersecurity? The author discusses two classes of hardware security: hardware-enhanced security architectures for improving software and system security, and secure hardware. The Web extra at https://youtu.be/z-c9ACviGNo is a video of a 2006 invited seminar at the Naval Postgraduate School, in which author Ruby B. Lee presents the Secret-Protected (SP) architecture, a minimalist set of hardware features that can be added to any microprocessor or embedded processor to protect the "master secrets" that in turn protect other keys and encrypted information, programs, and data.
