000 | 12046nam a22007211i 4500 | ||
---|---|---|---|
001 | 8502017 | ||
003 | IEEE | ||
005 | 20200413152927.0 | ||
006 | m eo d | ||
007 | cr cn |||m|||a | ||
008 | 181101s2019 caua foab 000 0 eng d | ||
020 |
_a9781681730028 _qebook |
||
020 |
_z9781681734040 _qhardcover |
||
020 |
_z9781681730011 _qpaperback |
||
024 | 7 |
_a10.2200/S00864ED1V01Y201807CAC045 _2doi |
|
035 | _a(CaBNVSL)swl000408760 | ||
035 | _a(OCoLC)1060574854 | ||
040 |
_aCaBNVSL _beng _erda _cCaBNVSL _dCaBNVSL |
||
050 | 4 |
_aQA76.9.A73 _bS946 2019 |
|
082 | 0 | 4 |
_a004.22 _223 |
100 | 1 |
_aSzefer, Jakub, _eauthor. |
|
245 | 1 | 0 |
_aPrinciples of secure processor architecture design / _cJakub Szefer. |
264 | 1 |
_a[San Rafael, California] : _bMorgan & Claypool, _c2019. |
|
300 |
_a1 PDF (xxi, 151 pages) : _billustrations. |
||
336 |
_atext _2rdacontent |
||
337 |
_aelectronic _2isbdmedia |
||
338 |
_aonline resource _2rdacarrier |
||
490 | 1 |
_aSynthesis lectures on computer architecture, _x1935-3243 ; _v# 45 |
|
538 | _aMode of access: World Wide Web. | ||
538 | _aSystem requirements: Adobe Acrobat Reader. | ||
500 | _aPart of: Synthesis digital library of engineering and computer science. | ||
504 | _aIncludes bibliographical references (pages 125-148). | ||
505 | 8 | _aBibliography -- Online resources -- Author's biography. | |
505 | 0 | _a1. Introduction -- 1.1 Need for secure processor architectures -- 1.2 Book organization -- | |
505 | 8 | _a2. Basic computer security concepts -- 2.1 Trusted computing base -- 2.1.1 Kerckhoffs's principle: avoid security through obscurity -- 2.2 Security threats to a system -- 2.2.1 The attack surface -- 2.2.2 Passive and active attacks -- 2.2.3 Man-in-the-middle attacks -- 2.2.4 Side and covert channels and attacks -- 2.2.5 Information flows and attack bandwidths -- 2.2.6 The threat model -- 2.2.7 Threats to hardware after the design phase -- 2.3 Basic security concepts -- 2.3.1 Confidentiality, integrity, and availability -- 2.3.2 Authentication -- 2.3.3 Freshness and nonces -- 2.3.4 Security vs. reliability -- 2.4 Symmetric-key cryptography -- 2.4.1 Symmetric-key algorithms: block ciphers -- 2.4.2 Symmetric-key algorithms: stream ciphers -- 2.4.3 Standard symmetric: key algorithms -- 2.5 Public-key cryptography -- 2.5.1 Key encapsulation mechanisms -- 2.5.2 Standard public-key algorithms -- 2.5.3 Post-quantum cryptography -- 2.6 Random number generation -- 2.7 Secure hashing -- 2.7.1 Use of hashes in message authentication codes -- 2.7.2 Use of hashes in digital signatures -- 2.7.3 Use of hashes in hash trees -- 2.7.4 Application of hashes in key derivation function -- 2.7.5 Standard secure hash algorithms -- 2.8 Public key infrastructure -- 2.8.1 Digital certificates -- 2.8.2 Diffie-Hellman key exchange -- 2.8.3 Application of PKI in secure processor architectures -- 2.9 Physically unclonable functions -- | |
505 | 8 | _a3. Secure processor architectures -- 3.1 Real-world attacks -- 3.1.1 Coldboot -- 3.1.2 Rowhammer -- 3.1.3 Meltdown -- 3.1.4 Spectre -- 3.1.5 Other bugs and vulnerabilities -- 3.2 General-purpose processor architectures -- 3.2.1 Typical software levels (rings 3 to -1) -- 3.2.2 Typical hardware components -- 3.3 Secure processor architectures -- 3.3.1 Extending vertical privilege levels -- 3.3.2 Horizontal privilege level separation -- 3.3.3 Breaking linear hierarchy of protection levels -- 3.3.4 Capability-based protections -- 3.3.5 Architectures for different software threats -- 3.3.6 Architectures for different hardware threats -- 3.3.7 Hardware TCB as circuits or processors -- 3.4 Examples of secure processor architectures -- 3.4.1 Academic architectures -- 3.4.2 Commercial architectures -- 3.5 Secure processor architecture assumptions -- 3.5.1 Trusted processor chip assumption -- 3.5.2 Small TCB assumption -- 3.5.3 Open TCB assumption -- 3.6 Limitations of secure architectures -- 3.6.1 Physical realization threats -- 3.6.2 Supply chain threats -- 3.6.3 IP protection and reverse engineering -- 3.6.4 Side- and covert-channel threats -- 3.6.5 What secure processor architectures are not -- 3.6.6 Alternatives to hardware-based protections: homomorphic encryption -- | |
505 | 8 | _a4. Trusted execution environments -- 4.1 Protecting software within trusted execution environments -- 4.1.1 Protections offered by the TCB to the TEEs -- 4.1.2 Enforcing confidentiality through encryption -- 4.1.3 Enforcing confidentiality through isolation -- 4.1.4 Enforcing confidentiality through state flushing -- 4.1.5 Enforcing integrity through cryptographic hashing -- 4.2 Examples of architectures and TEEs -- 4.2.1 Academic architectures for protecting TSMs or enclaves -- 4.2.2 Commercial architectures for protecting TSMs or enclaves -- 4.2.3 Academic and commercial architectures for protecting whole OSes or VMs -- 4.3 TCB and TEE assumptions -- 4.3.1 No side effects assumption -- 4.3.2 Bug-free protected software assumption -- 4.3.3 Trustworthy TCB execution assumption -- 4.4 Limitations of TCBs and TEEs -- 4.4.1 Vulnerabilities in the TCB -- 4.4.2 Opaque TCB execution -- 4.4.3 TEE-based attacks -- 4.4.4 TEE code bloat -- | |
505 | 8 | _a5. Hardware root of trust -- 5.1 The root of trust -- 5.1.1 Root of trust and the processor key -- 5.1.2 PKI and secure processors -- 5.1.3 Access to the root of trust -- 5.2 Chain of trust and measurements -- 5.2.1 Trusted and authenticated boot -- 5.2.2 Measurement validation -- 5.2.3 Remote attestation -- 5.2.4 Sealing -- 5.2.5 Time-of-check to time-of-use attacks -- 5.3 Runtime attestation and continuous monitoring of TCB and TEEs -- 5.3.1 Limitations of continuous monitoring -- 5.4 PUFs and root of trust -- 5.4.1 Hardware-software binding -- 5.5 Limiting execution to only authorized code -- 5.5.1 Lock-in and privacy concerns -- 5.6 Root of trust assumptions -- 5.6.1 Unique of root of trust key assumption -- 5.6.2 Protected root of trust assumption -- 5.6.3 Fresh measurement assumption -- | |
505 | 8 | _a6. Memory protections -- 6.1 Threats against main memory -- 6.1.1 Sources of attacks on memory -- 6.1.2 Passive attacks -- 6.1.3 Active attacks -- 6.2 Main memory protection mechanisms -- 6.2.1 Confidentiality protection with encryption -- 6.2.2 Integrity protection with hashing -- 6.2.3 Access pattern protection -- 6.3 Memory protections assumption -- 6.3.1 Encrypted, hashed, and oblivious access memory assumption -- | |
505 | 8 | _a7. Multiprocessor and many-core protections -- 7.1 Security challenges of multiprocessors and many-core systems -- 7.2 Multiprocessor security -- 7.2.1 SMP and DSM threat model -- 7.2.2 Symmetric memory multiprocessor security -- 7.2.3 Distributed shared memory security -- 7.2.4 SMP and DSM tradeoffs -- 7.3 Many-core processors and multi-processor system-on-a-chip -- 7.3.1 Many-core and MPSoC threat model -- 7.3.2 Communication protection mechanisms -- 7.3.3 3D integration considerations -- 7.4 Multiprocessor and many-core protections assumption -- 7.4.1 Protected inter-processor communication assumption -- | |
505 | 8 | _a8. Side-channel threats and protections -- 8.1 Side and covert channels -- 8.1.1 Covert channel review -- 8.1.2 Side channel review -- 8.1.3 Side and covert channels in processors -- 8.2 Processor features and information leaks -- 8.2.1 Variable instruction execution timing -- 8.2.2 Functional unit contention -- 8.2.3 Stateful functional units -- 8.2.4 Memory hierarchy -- 8.2.5 Physical emanations -- 8.3 Side and covert channel classification -- 8.4 Estimates of existing attack bandwidths -- 8.4.1 Attack bandwidth analysis -- 8.5 Defending side and covert channels -- 8.5.1 Hardware-based defenses overview -- 8.5.2 Secure cache designs -- 8.5.3 Software-based defenses -- 8.5.4 Combining defenses overview -- 8.6 Side channels as attack detectors -- 8.7 Side-channel threats assumption -- 8.7.1 Side-channel free tee assumption -- | |
505 | 8 | _a9. Security verification of processor architectures -- 9.1 Motivation for formal security verification -- 9.2 Security verification across different levels of abstraction -- 9.3 Security verification approaches -- 9.3.1 System representation -- 9.3.2 Security properties -- 9.3.3 Formal verification -- 9.4 Discussion of hardware-software security verification projects -- 9.5 Security verification assumption -- 9.5.1 Verified TCB assumption -- 9.5.2 Verified TEE software assumption -- | |
505 | 8 | _a10. Principles of secure processor architecture design -- 10.1 The principles -- 10.1.1 Protect off-chip communication and memory -- 10.1.2 Isolate processor state between TEE execution -- 10.1.3 Measure and continuously monitor TCB and TEE -- 10.1.4 Allow TCB introspection -- 10.1.5 Minimize the TCB -- 10.2 Impact of secure design principles on the processor architecture principles -- 10.3 Limitations of the secure processor assumptions -- 10.4 Pitfalls and fallacies -- 10.5 Challenges in secure processor design -- 10.6 Future trends in secure processor designs -- 10.7 Art and science of secure processor design -- | |
506 | _aAbstract freely available; full-text restricted to subscribers or individual document purchasers. | ||
510 | 0 | _aCompendex | |
510 | 0 | _aINSPEC | |
510 | 0 | _aGoogle scholar | |
510 | 0 | _aGoogle book search | |
520 | 3 | _aWith growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered). This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid. | |
530 | _aAlso available in print. | ||
588 | _aTitle from PDF title page (viewed on November 1, 2018). | ||
650 | 0 | _aComputer architecture. | |
650 | 0 | _aComputer security. | |
653 | _asecure processor design | ||
653 | _aprocessor architecture | ||
653 | _acomputer security | ||
653 | _atrustworthy computing | ||
653 | _acomputer hardware security | ||
776 | 0 | 8 |
_iPrint version: _z9781681730011 _z9781681734040 |
830 | 0 | _aSynthesis digital library of engineering and computer science. | |
830 | 0 |
_aSynthesis lectures in computer architecture ; _v# 45. _x1935-3243 |
|
856 | 4 | 2 |
_3Abstract with links to resource _uhttps://ieeexplore.ieee.org/servlet/opac?bknumber=8502017 |
999 |
_c562328 _d562328 |