SP Architecture

Architecture and Application

The Secret-Protection (SP) architecture provides applications with direct hardware protection of a trusted software module (TSM), which does not depend on whether the underlying Operating System has been compromised by attackers or not. This enables arbitrary security policies to be implemented by software in a TSM at the application level, and protected by SP hardware features in the microprocessor. SP provides a minimal set of hardware trust anchors and security mechanisms to provide a secure execution encironment and secure storage for a security-critical task implemented as a TSM. SP has been found useful in different scenarios including a user storing his sensitive information in the Cloud [1], an authority trusting its SP-enabled devices in the field [2], implementing arbitrary information sharing policies at the application level [3], for devices such as non-copyable disks [4], for improving key establishment in mobile ad-hoc networks [5], and for improving accountability in hosted virtual networks [6]. We are also scaling the SP architecture to support mutiple simultaneously trusted software modules from mutually-distrustful security domains (see Bastion architecture below).

  1. Ruby B. Lee, Peter C. S. Kwan, John Patrick McGregor, Jeffrey Dwoskin, and Zhenghong Wang, “Architecture for Protecting Critical Secrets in Microprocessors,” Proceedings of the 32nd International Symposium on Computer Architecture (ISCA 2005), pp. 2-13, June 2005.[slides]
  2. Jeffrey S Dwoskin, Ruby B. Lee, "Hardware-rooted Trust for Secure Key Management and Transient Trust", ACM Conference on Computer and Communications Security (CCS) 2007, Alexandria, VA, pp. 389-400, October 2007. [slides]
  3. Yu-Yuan Chen and Ruby B. Lee, “Hardware-Assisted Application-Level Access Control”, accepted as full paper at Information Security Conference (ISC 2009), Pisa Italy, September 7-9, 2009.
  4. M. S. Wang and R. B. Lee, “Architecture for a Non-Copyable Disk (NCdisk) Using a Secret-Protection (SP) SoC Solution”, Proc. Asilomar Conference, Nov 2007.
  5. J. Dwoskin, D. Xu, J. Huang, M Chiang, R. Lee, "Secure Key Management Architecture Against Sensor-node Fabrication Attacks", Proc. IEEE GLOBECOM, Nov 2007.
  6. Keller, E., Lee, R.B., Rexford, J., "Accountability in Hosted Virtual Networks", VISA 2009, ACM Sigcomm workshop, Barcelona, Spain, August 17.
  7. Jeffrey S. Dwoskin " Securing the Use of Sensitive Data on Remote Devices Using a Hardware-Software Architecture", Ph.D. Thesis, Princeton University. June 2010.

Implementation


Testing


AttachmentSize
SP-PAX_1.8.pdf1.32 MB