Architectural support for copy and tamper-resistant software

  • Authors:
  • Mark Horowitz;David J. Lie


  • Venue:
  • Architectural support for copy and tamper-resistant software
  • Year:
  • 2004

Abstract

Recently, there has been intense interest in the implementation of a trusted computing platform. Industry projects such as the Trusted Computing Platform Alliance, Microsoft's Palladium project, and Intel's LaGrande Technology all aim to embed hardware that provides some degree of protection for applications so that they can be made tamper-resistant. In this work, we propose a new processor architecture called “XOM”, which stands for eXecute Only Memory. XOM provides copy and tamper resistance for software by supporting compartments, which protect both the code and data of programs. Compartments are implemented by a combination of architectural methods, in the form of on-chip access control tags, and cryptographic methods, in the form of ciphers and hashes that protect data once it leaves the chip. The trust model of the computing system is changed so that applications trust the hardware, instead of the operating system, to protect their code and data. A XOM processor was simulated by extending a MIPS-based processor model in the SimOS simulator. An operating system, XOMOS, was constructed to run on the XOM architecture. Because applications do not trust the operating system with their data, this presents an interesting challenge for operating system design. This work shows that an untrusted operating system can be implemented on top of trusted hardware, such that the operating system has sufficient rights to manage resources but does not have the rights to read or modify user application code or data. This is demonstrated by a port of the IRIX 6.5 operating system to the XOM processor, creating XOMOS. We were able to run some applications on XOMOS in our simulator and found overheads to be less than 5%. We used a model checker to verify the security of the XOM processor architecture. A realistic “actual” processor was modeled along with an adversary and compared against an “idealized” model that has no adversary. Inconsistencies between the two models are flagged as failures in the protection guarantees that the processor aims to provide. We thus demonstrate that the processor is able to provide tamper resistance, and that the most difficult attack to defend against is a memory replay attack.