| 000 -LEADER |
|---|
| fixed length control field |
12046nam a22007211i 4500 |
| 001 - CONTROL NUMBER |
|---|
| control field |
8502017 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
IEEE |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
|---|
| control field |
20200413152927.0 |
| 006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS |
|---|
| fixed length control field |
m eo d |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION |
|---|
| fixed length control field |
cr cn |||m|||a |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
181101s2019 caua foab 000 0 eng d |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| International Standard Book Number |
9781681730028 |
| Qualifying information |
ebook |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| Canceled/invalid ISBN |
9781681734040 |
| Qualifying information |
hardcover |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| Canceled/invalid ISBN |
9781681730011 |
| Qualifying information |
paperback |
| 024 7# - OTHER STANDARD IDENTIFIER |
|---|
| Standard number or code |
10.2200/S00864ED1V01Y201807CAC045 |
| Source of number or code |
doi |
| 035 ## - SYSTEM CONTROL NUMBER |
|---|
| System control number |
(CaBNVSL)swl000408760 |
| 035 ## - SYSTEM CONTROL NUMBER |
|---|
| System control number |
(OCoLC)1060574854 |
| 040 ## - CATALOGING SOURCE |
|---|
| Original cataloging agency |
CaBNVSL |
| Language of cataloging |
eng |
| Description conventions |
rda |
| Transcribing agency |
CaBNVSL |
| Modifying agency |
CaBNVSL |
| 050 #4 - LIBRARY OF CONGRESS CALL NUMBER |
|---|
| Classification number |
QA76.9.A73 |
| Item number |
S946 2019 |
| 082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
004.22 |
| Edition number |
23 |
| 100 1# - MAIN ENTRY--PERSONAL NAME |
|---|
| Personal name |
Szefer, Jakub, |
| Relator term |
author. |
| 245 10 - TITLE STATEMENT |
|---|
| Title |
Principles of secure processor architecture design / |
| Statement of responsibility, etc. |
Jakub Szefer. |
| 264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE |
|---|
| Place of production, publication, distribution, manufacture |
[San Rafael, California] : |
| Name of producer, publisher, distributor, manufacturer |
Morgan & Claypool, |
| Date of production, publication, distribution, manufacture, or copyright notice |
2019. |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
1 PDF (xxi, 151 pages) : |
| Other physical details |
illustrations. |
| 336 ## - CONTENT TYPE |
|---|
| Content type term |
text |
| Source |
rdacontent |
| 337 ## - MEDIA TYPE |
|---|
| Media type term |
electronic |
| Source |
isbdmedia |
| 338 ## - CARRIER TYPE |
|---|
| Carrier type term |
online resource |
| Source |
rdacarrier |
| 490 1# - SERIES STATEMENT |
|---|
| Series statement |
Synthesis lectures on computer architecture, |
| International Standard Serial Number |
1935-3243 ; |
| Volume/sequential designation |
# 45 |
| 538 ## - SYSTEM DETAILS NOTE |
|---|
| System details note |
Mode of access: World Wide Web. |
| 538 ## - SYSTEM DETAILS NOTE |
|---|
| System details note |
System requirements: Adobe Acrobat Reader. |
| 500 ## - GENERAL NOTE |
|---|
| General note |
Part of: Synthesis digital library of engineering and computer science. |
| 504 ## - BIBLIOGRAPHY, ETC. NOTE |
|---|
| Bibliography, etc. note |
Includes bibliographical references (pages 125-148). |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
Bibliography -- Online resources -- Author's biography. |
| 505 0# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
1. Introduction -- 1.1 Need for secure processor architectures -- 1.2 Book organization -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
2. Basic computer security concepts -- 2.1 Trusted computing base -- 2.1.1 Kerckhoffs's principle: avoid security through obscurity -- 2.2 Security threats to a system -- 2.2.1 The attack surface -- 2.2.2 Passive and active attacks -- 2.2.3 Man-in-the-middle attacks -- 2.2.4 Side and covert channels and attacks -- 2.2.5 Information flows and attack bandwidths -- 2.2.6 The threat model -- 2.2.7 Threats to hardware after the design phase -- 2.3 Basic security concepts -- 2.3.1 Confidentiality, integrity, and availability -- 2.3.2 Authentication -- 2.3.3 Freshness and nonces -- 2.3.4 Security vs. reliability -- 2.4 Symmetric-key cryptography -- 2.4.1 Symmetric-key algorithms: block ciphers -- 2.4.2 Symmetric-key algorithms: stream ciphers -- 2.4.3 Standard symmetric: key algorithms -- 2.5 Public-key cryptography -- 2.5.1 Key encapsulation mechanisms -- 2.5.2 Standard public-key algorithms -- 2.5.3 Post-quantum cryptography -- 2.6 Random number generation -- 2.7 Secure hashing -- 2.7.1 Use of hashes in message authentication codes -- 2.7.2 Use of hashes in digital signatures -- 2.7.3 Use of hashes in hash trees -- 2.7.4 Application of hashes in key derivation function -- 2.7.5 Standard secure hash algorithms -- 2.8 Public key infrastructure -- 2.8.1 Digital certificates -- 2.8.2 Diffie-Hellman key exchange -- 2.8.3 Application of PKI in secure processor architectures -- 2.9 Physically unclonable functions -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
3. Secure processor architectures -- 3.1 Real-world attacks -- 3.1.1 Coldboot -- 3.1.2 Rowhammer -- 3.1.3 Meltdown -- 3.1.4 Spectre -- 3.1.5 Other bugs and vulnerabilities -- 3.2 General-purpose processor architectures -- 3.2.1 Typical software levels (rings 3 to -1) -- 3.2.2 Typical hardware components -- 3.3 Secure processor architectures -- 3.3.1 Extending vertical privilege levels -- 3.3.2 Horizontal privilege level separation -- 3.3.3 Breaking linear hierarchy of protection levels -- 3.3.4 Capability-based protections -- 3.3.5 Architectures for different software threats -- 3.3.6 Architectures for different hardware threats -- 3.3.7 Hardware TCB as circuits or processors -- 3.4 Examples of secure processor architectures -- 3.4.1 Academic architectures -- 3.4.2 Commercial architectures -- 3.5 Secure processor architecture assumptions -- 3.5.1 Trusted processor chip assumption -- 3.5.2 Small TCB assumption -- 3.5.3 Open TCB assumption -- 3.6 Limitations of secure architectures -- 3.6.1 Physical realization threats -- 3.6.2 Supply chain threats -- 3.6.3 IP protection and reverse engineering -- 3.6.4 Side- and covert-channel threats -- 3.6.5 What secure processor architectures are not -- 3.6.6 Alternatives to hardware-based protections: homomorphic encryption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
4. Trusted execution environments -- 4.1 Protecting software within trusted execution environments -- 4.1.1 Protections offered by the TCB to the TEEs -- 4.1.2 Enforcing confidentiality through encryption -- 4.1.3 Enforcing confidentiality through isolation -- 4.1.4 Enforcing confidentiality through state flushing -- 4.1.5 Enforcing integrity through cryptographic hashing -- 4.2 Examples of architectures and TEEs -- 4.2.1 Academic architectures for protecting TSMs or enclaves -- 4.2.2 Commercial architectures for protecting TSMs or enclaves -- 4.2.3 Academic and commercial architectures for protecting whole OSes or VMs -- 4.3 TCB and TEE assumptions -- 4.3.1 No side effects assumption -- 4.3.2 Bug-free protected software assumption -- 4.3.3 Trustworthy TCB execution assumption -- 4.4 Limitations of TCBs and TEEs -- 4.4.1 Vulnerabilities in the TCB -- 4.4.2 Opaque TCB execution -- 4.4.3 TEE-based attacks -- 4.4.4 TEE code bloat -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
5. Hardware root of trust -- 5.1 The root of trust -- 5.1.1 Root of trust and the processor key -- 5.1.2 PKI and secure processors -- 5.1.3 Access to the root of trust -- 5.2 Chain of trust and measurements -- 5.2.1 Trusted and authenticated boot -- 5.2.2 Measurement validation -- 5.2.3 Remote attestation -- 5.2.4 Sealing -- 5.2.5 Time-of-check to time-of-use attacks -- 5.3 Runtime attestation and continuous monitoring of TCB and TEEs -- 5.3.1 Limitations of continuous monitoring -- 5.4 PUFs and root of trust -- 5.4.1 Hardware-software binding -- 5.5 Limiting execution to only authorized code -- 5.5.1 Lock-in and privacy concerns -- 5.6 Root of trust assumptions -- 5.6.1 Unique of root of trust key assumption -- 5.6.2 Protected root of trust assumption -- 5.6.3 Fresh measurement assumption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
6. Memory protections -- 6.1 Threats against main memory -- 6.1.1 Sources of attacks on memory -- 6.1.2 Passive attacks -- 6.1.3 Active attacks -- 6.2 Main memory protection mechanisms -- 6.2.1 Confidentiality protection with encryption -- 6.2.2 Integrity protection with hashing -- 6.2.3 Access pattern protection -- 6.3 Memory protections assumption -- 6.3.1 Encrypted, hashed, and oblivious access memory assumption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
7. Multiprocessor and many-core protections -- 7.1 Security challenges of multiprocessors and many-core systems -- 7.2 Multiprocessor security -- 7.2.1 SMP and DSM threat model -- 7.2.2 Symmetric memory multiprocessor security -- 7.2.3 Distributed shared memory security -- 7.2.4 SMP and DSM tradeoffs -- 7.3 Many-core processors and multi-processor system-on-a-chip -- 7.3.1 Many-core and MPSoC threat model -- 7.3.2 Communication protection mechanisms -- 7.3.3 3D integration considerations -- 7.4 Multiprocessor and many-core protections assumption -- 7.4.1 Protected inter-processor communication assumption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
8. Side-channel threats and protections -- 8.1 Side and covert channels -- 8.1.1 Covert channel review -- 8.1.2 Side channel review -- 8.1.3 Side and covert channels in processors -- 8.2 Processor features and information leaks -- 8.2.1 Variable instruction execution timing -- 8.2.2 Functional unit contention -- 8.2.3 Stateful functional units -- 8.2.4 Memory hierarchy -- 8.2.5 Physical emanations -- 8.3 Side and covert channel classification -- 8.4 Estimates of existing attack bandwidths -- 8.4.1 Attack bandwidth analysis -- 8.5 Defending side and covert channels -- 8.5.1 Hardware-based defenses overview -- 8.5.2 Secure cache designs -- 8.5.3 Software-based defenses -- 8.5.4 Combining defenses overview -- 8.6 Side channels as attack detectors -- 8.7 Side-channel threats assumption -- 8.7.1 Side-channel free tee assumption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
9. Security verification of processor architectures -- 9.1 Motivation for formal security verification -- 9.2 Security verification across different levels of abstraction -- 9.3 Security verification approaches -- 9.3.1 System representation -- 9.3.2 Security properties -- 9.3.3 Formal verification -- 9.4 Discussion of hardware-software security verification projects -- 9.5 Security verification assumption -- 9.5.1 Verified TCB assumption -- 9.5.2 Verified TEE software assumption -- |
| 505 8# - FORMATTED CONTENTS NOTE |
|---|
| Formatted contents note |
10. Principles of secure processor architecture design -- 10.1 The principles -- 10.1.1 Protect off-chip communication and memory -- 10.1.2 Isolate processor state between TEE execution -- 10.1.3 Measure and continuously monitor TCB and TEE -- 10.1.4 Allow TCB introspection -- 10.1.5 Minimize the TCB -- 10.2 Impact of secure design principles on the processor architecture principles -- 10.3 Limitations of the secure processor assumptions -- 10.4 Pitfalls and fallacies -- 10.5 Challenges in secure processor design -- 10.6 Future trends in secure processor designs -- 10.7 Art and science of secure processor design -- |
| 506 ## - RESTRICTIONS ON ACCESS NOTE |
|---|
| Terms governing access |
Abstract freely available; full-text restricted to subscribers or individual document purchasers. |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Compendex |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
INSPEC |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Google scholar |
| 510 0# - CITATION/REFERENCES NOTE |
|---|
| Name of source |
Google book search |
| 520 3# - SUMMARY, ETC. |
|---|
| Summary, etc. |
With growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered). This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid. |
| 530 ## - ADDITIONAL PHYSICAL FORM AVAILABLE NOTE |
|---|
| Additional physical form available note |
Also available in print. |
| 588 ## - SOURCE OF DESCRIPTION NOTE |
|---|
| Source of description note |
Title from PDF title page (viewed on November 1, 2018). |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
Computer architecture. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name entry element |
Computer security. |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
secure processor design |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
processor architecture |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
computer security |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
trustworthy computing |
| 653 ## - INDEX TERM--UNCONTROLLED |
|---|
| Uncontrolled term |
computer hardware security |
| 776 08 - ADDITIONAL PHYSICAL FORM ENTRY |
|---|
| Relationship information |
Print version: |
| International Standard Book Number |
9781681730011 |
| -- |
9781681734040 |
| 830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE |
|---|
| Uniform title |
Synthesis digital library of engineering and computer science. |
| 830 #0 - SERIES ADDED ENTRY--UNIFORM TITLE |
|---|
| Uniform title |
Synthesis lectures in computer architecture ; |
| Volume/sequential designation |
# 45. |
| International Standard Serial Number |
1935-3243 |
| 856 42 - ELECTRONIC LOCATION AND ACCESS |
|---|
| Materials specified |
Abstract with links to resource |
| Uniform Resource Identifier |
https://ieeexplore.ieee.org/servlet/opac?bknumber=8502017 |
