Format:
1 Online-Ressource (1 PDF (xxi, 151 pages))
,
illustrations
Edition:
Also available in print
ISBN:
9781681730028
Series Statement:
Synthesis lectures on computer architecture # 45
Content:
Bibliography -- Online resources -- Author's biography.
Content:
1. Introduction -- 1.1 Need for secure processor architectures -- 1.2 Book organization --
Content:
2. Basic computer security concepts -- 2.1 Trusted computing base -- 2.1.1 Kerckhoffs's principle: avoid security through obscurity -- 2.2 Security threats to a system -- 2.2.1 The attack surface -- 2.2.2 Passive and active attacks -- 2.2.3 Man-in-the-middle attacks -- 2.2.4 Side and covert channels and attacks -- 2.2.5 Information flows and attack bandwidths -- 2.2.6 The threat model -- 2.2.7 Threats to hardware after the design phase -- 2.3 Basic security concepts -- 2.3.1 Confidentiality, integrity, and availability -- 2.3.2 Authentication -- 2.3.3 Freshness and nonces -- 2.3.4 Security vs. reliability -- 2.4 Symmetric-key cryptography -- 2.4.1 Symmetric-key algorithms: block ciphers -- 2.4.2 Symmetric-key algorithms: stream ciphers -- 2.4.3 Standard symmetric: key algorithms -- 2.5 Public-key cryptography -- 2.5.1 Key encapsulation mechanisms -- 2.5.2 Standard public-key algorithms -- 2.5.3 Post-quantum cryptography -- 2.6 Random number generation -- 2.7 Secure hashing -- 2.7.1 Use of hashes in message authentication codes -- 2.7.2 Use of hashes in digital signatures -- 2.7.3 Use of hashes in hash trees -- 2.7.4 Application of hashes in key derivation function -- 2.7.5 Standard secure hash algorithms -- 2.8 Public key infrastructure -- 2.8.1 Digital certificates -- 2.8.2 Diffie-Hellman key exchange -- 2.8.3 Application of PKI in secure processor architectures -- 2.9 Physically unclonable functions --
Content:
3. Secure processor architectures -- 3.1 Real-world attacks -- 3.1.1 Coldboot -- 3.1.2 Rowhammer -- 3.1.3 Meltdown -- 3.1.4 Spectre -- 3.1.5 Other bugs and vulnerabilities -- 3.2 General-purpose processor architectures -- 3.2.1 Typical software levels (rings 3 to -1) -- 3.2.2 Typical hardware components -- 3.3 Secure processor architectures -- 3.3.1 Extending vertical privilege levels -- 3.3.2 Horizontal privilege level separation -- 3.3.3 Breaking linear hierarchy of protection levels -- 3.3.4 Capability-based protections -- 3.3.5 Architectures for different software threats -- 3.3.6 Architectures for different hardware threats -- 3.3.7 Hardware TCB as circuits or processors -- 3.4 Examples of secure processor architectures -- 3.4.1 Academic architectures -- 3.4.2 Commercial architectures -- 3.5 Secure processor architecture assumptions -- 3.5.1 Trusted processor chip assumption -- 3.5.2 Small TCB assumption -- 3.5.3 Open TCB assumption -- 3.6 Limitations of secure architectures -- 3.6.1 Physical realization threats -- 3.6.2 Supply chain threats -- 3.6.3 IP protection and reverse engineering -- 3.6.4 Side- and covert-channel threats -- 3.6.5 What secure processor architectures are not -- 3.6.6 Alternatives to hardware-based protections: homomorphic encryption --
Content:
4. Trusted execution environments -- 4.1 Protecting software within trusted execution environments -- 4.1.1 Protections offered by the TCB to the TEEs -- 4.1.2 Enforcing confidentiality through encryption -- 4.1.3 Enforcing confidentiality through isolation -- 4.1.4 Enforcing confidentiality through state flushing -- 4.1.5 Enforcing integrity through cryptographic hashing -- 4.2 Examples of architectures and TEEs -- 4.2.1 Academic architectures for protecting TSMs or enclaves -- 4.2.2 Commercial architectures for protecting TSMs or enclaves -- 4.2.3 Academic and commercial architectures for protecting whole OSes or VMs -- 4.3 TCB and TEE assumptions -- 4.3.1 No side effects assumption -- 4.3.2 Bug-free protected software assumption -- 4.3.3 Trustworthy TCB execution assumption -- 4.4 Limitations of TCBs and TEEs -- 4.4.1 Vulnerabilities in the TCB -- 4.4.2 Opaque TCB execution -- 4.4.3 TEE-based attacks -- 4.4.4 TEE code bloat --
Content:
5. Hardware root of trust -- 5.1 The root of trust -- 5.1.1 Root of trust and the processor key -- 5.1.2 PKI and secure processors -- 5.1.3 Access to the root of trust -- 5.2 Chain of trust and measurements -- 5.2.1 Trusted and authenticated boot -- 5.2.2 Measurement validation -- 5.2.3 Remote attestation -- 5.2.4 Sealing -- 5.2.5 Time-of-check to time-of-use attacks -- 5.3 Runtime attestation and continuous monitoring of TCB and TEEs -- 5.3.1 Limitations of continuous monitoring -- 5.4 PUFs and root of trust -- 5.4.1 Hardware-software binding -- 5.5 Limiting execution to only authorized code -- 5.5.1 Lock-in and privacy concerns -- 5.6 Root of trust assumptions -- 5.6.1 Unique of root of trust key assumption -- 5.6.2 Protected root of trust assumption -- 5.6.3 Fresh measurement assumption --
Content:
6. Memory protections -- 6.1 Threats against main memory -- 6.1.1 Sources of attacks on memory -- 6.1.2 Passive attacks -- 6.1.3 Active attacks -- 6.2 Main memory protection mechanisms -- 6.2.1 Confidentiality protection with encryption -- 6.2.2 Integrity protection with hashing -- 6.2.3 Access pattern protection -- 6.3 Memory protections assumption -- 6.3.1 Encrypted, hashed, and oblivious access memory assumption --
Content:
7. Multiprocessor and many-core protections -- 7.1 Security challenges of multiprocessors and many-core systems -- 7.2 Multiprocessor security -- 7.2.1 SMP and DSM threat model -- 7.2.2 Symmetric memory multiprocessor security -- 7.2.3 Distributed shared memory security -- 7.2.4 SMP and DSM tradeoffs -- 7.3 Many-core processors and multi-processor system-on-a-chip -- 7.3.1 Many-core and MPSoC threat model -- 7.3.2 Communication protection mechanisms -- 7.3.3 3D integration considerations -- 7.4 Multiprocessor and many-core protections assumption -- 7.4.1 Protected inter-processor communication assumption --
Content:
8. Side-channel threats and protections -- 8.1 Side and covert channels -- 8.1.1 Covert channel review -- 8.1.2 Side channel review -- 8.1.3 Side and covert channels in processors -- 8.2 Processor features and information leaks -- 8.2.1 Variable instruction execution timing -- 8.2.2 Functional unit contention -- 8.2.3 Stateful functional units -- 8.2.4 Memory hierarchy -- 8.2.5 Physical emanations -- 8.3 Side and covert channel classification -- 8.4 Estimates of existing attack bandwidths -- 8.4.1 Attack bandwidth analysis -- 8.5 Defending side and covert channels -- 8.5.1 Hardware-based defenses overview -- 8.5.2 Secure cache designs -- 8.5.3 Software-based defenses -- 8.5.4 Combining defenses overview -- 8.6 Side channels as attack detectors -- 8.7 Side-channel threats assumption -- 8.7.1 Side-channel free tee assumption --
Content:
9. Security verification of processor architectures -- 9.1 Motivation for formal security verification -- 9.2 Security verification across different levels of abstraction -- 9.3 Security verification approaches -- 9.3.1 System representation -- 9.3.2 Security properties -- 9.3.3 Formal verification -- 9.4 Discussion of hardware-software security verification projects -- 9.5 Security verification assumption -- 9.5.1 Verified TCB assumption -- 9.5.2 Verified TEE software assumption --
Content:
10. Principles of secure processor architecture design -- 10.1 The principles -- 10.1.1 Protect off-chip communication and memory -- 10.1.2 Isolate processor state between TEE execution -- 10.1.3 Measure and continuously monitor TCB and TEE -- 10.1.4 Allow TCB introspection -- 10.1.5 Minimize the TCB -- 10.2 Impact of secure design principles on the processor architecture principles -- 10.3 Limitations of the secure processor assumptions -- 10.4 Pitfalls and fallacies -- 10.5 Challenges in secure processor design -- 10.6 Future trends in secure processor designs -- 10.7 Art and science of secure processor design --
Content:
With growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered). This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid
Note:
Part of: Synthesis digital library of engineering and computer science
,
Includes bibliographical references (pages 125-148)
,
Compendex
,
INSPEC
,
Google scholar
,
Google book search
,
Also available in print.
,
Mode of access: World Wide Web.
,
System requirements: Adobe Acrobat Reader.
Additional Edition:
ISBN 9781681730011
Additional Edition:
ISBN 9781681734040
Additional Edition:
Erscheint auch als Druck-Ausgabe Szefer, Jakub Principles of secure processor architecture design San Rafael, CA : Morgan and Claypool Publishers, 2019 ISBN 9781681730011
Additional Edition:
ISBN 9781681734040
Language:
English
Subjects:
Computer Science
DOI:
10.1007/978-3-031-01760-5
Bookmarklink
