Welcome to P K Kelkar Library, Online Public Access Catalogue (OPAC)


Principles of secure processor architecture design /

By: Szefer, Jakub [author.].
Material type: Book
Series: Synthesis digital library of engineering and computer science; Synthesis lectures in computer architecture, #45
Publisher: [San Rafael, California] : Morgan & Claypool, 2019
Description: 1 PDF (xxi, 151 pages) : illustrations
Content type: text
Media type: electronic
Carrier type: online resource
ISBN: 9781681730028
Subject(s): Computer architecture | Computer security | secure processor design | processor architecture | computer security | trustworthy computing | computer hardware security
DDC classification: 004.22
Online resources: Abstract with links to resource
Also available in print.
Contents:
Bibliography -- Online resources -- Author's biography.
1. Introduction -- 1.1 Need for secure processor architectures -- 1.2 Book organization --
2. Basic computer security concepts -- 2.1 Trusted computing base -- 2.1.1 Kerckhoffs's principle: avoid security through obscurity -- 2.2 Security threats to a system -- 2.2.1 The attack surface -- 2.2.2 Passive and active attacks -- 2.2.3 Man-in-the-middle attacks -- 2.2.4 Side and covert channels and attacks -- 2.2.5 Information flows and attack bandwidths -- 2.2.6 The threat model -- 2.2.7 Threats to hardware after the design phase -- 2.3 Basic security concepts -- 2.3.1 Confidentiality, integrity, and availability -- 2.3.2 Authentication -- 2.3.3 Freshness and nonces -- 2.3.4 Security vs. reliability -- 2.4 Symmetric-key cryptography -- 2.4.1 Symmetric-key algorithms: block ciphers -- 2.4.2 Symmetric-key algorithms: stream ciphers -- 2.4.3 Standard symmetric-key algorithms -- 2.5 Public-key cryptography -- 2.5.1 Key encapsulation mechanisms -- 2.5.2 Standard public-key algorithms -- 2.5.3 Post-quantum cryptography -- 2.6 Random number generation -- 2.7 Secure hashing -- 2.7.1 Use of hashes in message authentication codes -- 2.7.2 Use of hashes in digital signatures -- 2.7.3 Use of hashes in hash trees -- 2.7.4 Application of hashes in key derivation function -- 2.7.5 Standard secure hash algorithms -- 2.8 Public key infrastructure -- 2.8.1 Digital certificates -- 2.8.2 Diffie-Hellman key exchange -- 2.8.3 Application of PKI in secure processor architectures -- 2.9 Physically unclonable functions --
3. Secure processor architectures -- 3.1 Real-world attacks -- 3.1.1 Coldboot -- 3.1.2 Rowhammer -- 3.1.3 Meltdown -- 3.1.4 Spectre -- 3.1.5 Other bugs and vulnerabilities -- 3.2 General-purpose processor architectures -- 3.2.1 Typical software levels (rings 3 to -1) -- 3.2.2 Typical hardware components -- 3.3 Secure processor architectures -- 3.3.1 Extending vertical privilege levels -- 3.3.2 Horizontal privilege level separation -- 3.3.3 Breaking linear hierarchy of protection levels -- 3.3.4 Capability-based protections -- 3.3.5 Architectures for different software threats -- 3.3.6 Architectures for different hardware threats -- 3.3.7 Hardware TCB as circuits or processors -- 3.4 Examples of secure processor architectures -- 3.4.1 Academic architectures -- 3.4.2 Commercial architectures -- 3.5 Secure processor architecture assumptions -- 3.5.1 Trusted processor chip assumption -- 3.5.2 Small TCB assumption -- 3.5.3 Open TCB assumption -- 3.6 Limitations of secure architectures -- 3.6.1 Physical realization threats -- 3.6.2 Supply chain threats -- 3.6.3 IP protection and reverse engineering -- 3.6.4 Side- and covert-channel threats -- 3.6.5 What secure processor architectures are not -- 3.6.6 Alternatives to hardware-based protections: homomorphic encryption --
4. Trusted execution environments -- 4.1 Protecting software within trusted execution environments -- 4.1.1 Protections offered by the TCB to the TEEs -- 4.1.2 Enforcing confidentiality through encryption -- 4.1.3 Enforcing confidentiality through isolation -- 4.1.4 Enforcing confidentiality through state flushing -- 4.1.5 Enforcing integrity through cryptographic hashing -- 4.2 Examples of architectures and TEEs -- 4.2.1 Academic architectures for protecting TSMs or enclaves -- 4.2.2 Commercial architectures for protecting TSMs or enclaves -- 4.2.3 Academic and commercial architectures for protecting whole OSes or VMs -- 4.3 TCB and TEE assumptions -- 4.3.1 No side effects assumption -- 4.3.2 Bug-free protected software assumption -- 4.3.3 Trustworthy TCB execution assumption -- 4.4 Limitations of TCBs and TEEs -- 4.4.1 Vulnerabilities in the TCB -- 4.4.2 Opaque TCB execution -- 4.4.3 TEE-based attacks -- 4.4.4 TEE code bloat --
5. Hardware root of trust -- 5.1 The root of trust -- 5.1.1 Root of trust and the processor key -- 5.1.2 PKI and secure processors -- 5.1.3 Access to the root of trust -- 5.2 Chain of trust and measurements -- 5.2.1 Trusted and authenticated boot -- 5.2.2 Measurement validation -- 5.2.3 Remote attestation -- 5.2.4 Sealing -- 5.2.5 Time-of-check to time-of-use attacks -- 5.3 Runtime attestation and continuous monitoring of TCB and TEEs -- 5.3.1 Limitations of continuous monitoring -- 5.4 PUFs and root of trust -- 5.4.1 Hardware-software binding -- 5.5 Limiting execution to only authorized code -- 5.5.1 Lock-in and privacy concerns -- 5.6 Root of trust assumptions -- 5.6.1 Unique of root of trust key assumption -- 5.6.2 Protected root of trust assumption -- 5.6.3 Fresh measurement assumption --
6. Memory protections -- 6.1 Threats against main memory -- 6.1.1 Sources of attacks on memory -- 6.1.2 Passive attacks -- 6.1.3 Active attacks -- 6.2 Main memory protection mechanisms -- 6.2.1 Confidentiality protection with encryption -- 6.2.2 Integrity protection with hashing -- 6.2.3 Access pattern protection -- 6.3 Memory protections assumption -- 6.3.1 Encrypted, hashed, and oblivious access memory assumption --
7. Multiprocessor and many-core protections -- 7.1 Security challenges of multiprocessors and many-core systems -- 7.2 Multiprocessor security -- 7.2.1 SMP and DSM threat model -- 7.2.2 Symmetric memory multiprocessor security -- 7.2.3 Distributed shared memory security -- 7.2.4 SMP and DSM tradeoffs -- 7.3 Many-core processors and multi-processor system-on-a-chip -- 7.3.1 Many-core and MPSoC threat model -- 7.3.2 Communication protection mechanisms -- 7.3.3 3D integration considerations -- 7.4 Multiprocessor and many-core protections assumption -- 7.4.1 Protected inter-processor communication assumption --
8. Side-channel threats and protections -- 8.1 Side and covert channels -- 8.1.1 Covert channel review -- 8.1.2 Side channel review -- 8.1.3 Side and covert channels in processors -- 8.2 Processor features and information leaks -- 8.2.1 Variable instruction execution timing -- 8.2.2 Functional unit contention -- 8.2.3 Stateful functional units -- 8.2.4 Memory hierarchy -- 8.2.5 Physical emanations -- 8.3 Side and covert channel classification -- 8.4 Estimates of existing attack bandwidths -- 8.4.1 Attack bandwidth analysis -- 8.5 Defending side and covert channels -- 8.5.1 Hardware-based defenses overview -- 8.5.2 Secure cache designs -- 8.5.3 Software-based defenses -- 8.5.4 Combining defenses overview -- 8.6 Side channels as attack detectors -- 8.7 Side-channel threats assumption -- 8.7.1 Side-channel free TEE assumption --
9. Security verification of processor architectures -- 9.1 Motivation for formal security verification -- 9.2 Security verification across different levels of abstraction -- 9.3 Security verification approaches -- 9.3.1 System representation -- 9.3.2 Security properties -- 9.3.3 Formal verification -- 9.4 Discussion of hardware-software security verification projects -- 9.5 Security verification assumption -- 9.5.1 Verified TCB assumption -- 9.5.2 Verified TEE software assumption --
10. Principles of secure processor architecture design -- 10.1 The principles -- 10.1.1 Protect off-chip communication and memory -- 10.1.2 Isolate processor state between TEE execution -- 10.1.3 Measure and continuously monitor TCB and TEE -- 10.1.4 Allow TCB introspection -- 10.1.5 Minimize the TCB -- 10.2 Impact of secure design principles on the processor architecture principles -- 10.3 Limitations of the secure processor assumptions -- 10.4 Pitfalls and fallacies -- 10.5 Challenges in secure processor design -- 10.6 Future trends in secure processor designs -- 10.7 Art and science of secure processor design --
Abstract: With growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered). This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid.
Item type: E books
Current location: PK Kelkar Library, IIT Kanpur
Call number: (none)
Status: Available
Date due: (none)
Barcode: EBKE828
Item holds: 0 (Total holds: 0)

Mode of access: World Wide Web.

System requirements: Adobe Acrobat Reader.

Part of: Synthesis digital library of engineering and computer science.

Includes bibliographical references (pages 125-148).


Abstract freely available; full-text restricted to subscribers or individual document purchasers.



Title from PDF title page (viewed on November 1, 2018).
