Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Enabling trusted software integrity
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Architecture for Protecting Critical Secrets in Microprocessors
Proceedings of the 32nd annual international symposium on Computer Architecture
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Idea: Trusted Emergency Management
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
On-board credentials with open provisioning
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Accountability in hosted virtual networks
Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures
Hardware-Assisted Application-Level Access Control
ISC '09 Proceedings of the 12th International Conference on Information Security
A hybrid public key infrastructure solution (HPKI) for HIPAA privacy/security regulations
Computer Standards & Interfaces
NoHype: virtualized cloud infrastructure without the virtualization
Proceedings of the 37th annual international symposium on Computer architecture
A framework for testing hardware-software security architectures
Proceedings of the 26th Annual Computer Security Applications Conference
CPU support for secure executables
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Using virtualization to protect application address space inside untrusted environment
Programming and Computing Software
A software-hardware architecture for self-protecting data
Proceedings of the 2012 ACM conference on Computer and communications security
Security Verification of Hardware-enabled Attestation Protocols
MICROW '12 Proceedings of the 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops
Proceedings of the ACM International Conference on Computing Frontiers
OASIS: on achieving a sanctuary for integrity and secrecy on untrusted platforms
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Security-Preserving Live Migration of Virtual Machines in the Cloud
Journal of Network and Systems Management
Hi-index | 0.00 |
We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over. We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.