SCuP - Secure Cryptographic Microprocessor
Resumo
Neste artigo apresentamos o SCuP - Processador Criptográfico com Execução Segura de Código (cifrada, assinada). O SCuP é um processador de múltiplos núcleos assimétrico para aplicações gerais, que apresenta diversos mecanismos inovadores de proteção contra ataques lógicos e físicos ao processador. Dentre as principais características do processador estão o firewall de hardware (HWF) e o mecanismo de inspeção/introspecção profunda (MIP) combinados com os pacotes de execução seguros (PES). O SCuP foi validado em simulações e em FPGAs e deverá seguir para difusão semicondutora nos próximos meses.
Referências
Gianpiero Cabodi, Sergio Nocco, and Stefano Quer. Improving SAT-based Bounded Model Checking by Means of BDD-based Approximate Traversals. In in Design, Automation and Test in Europe, 2003, pages 898–903, 2003.
Benjie Chen and Robert Morris. Certifying program execution with secure processors. In HOTOS’03: Proceedings of the 9th conference on Hot Topics in Operating Systems, pages 23–23, Berkeley, CA, USA, 2003. USENIX Association.
Victor Costan, Luis F. Sarmenta, Marten van Dijk, and Srinivas Devadas. The Trusted Execution Module: Commodity General-Purpose Trusted Computing. In CARDIS ’08: Proceedings of the 8th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, pages 133–148, Berlin, Heidelberg, 2008. Springer-Verlag.
Joan G. Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert van Doorn, Sean W. Smith, and Steve Weingart. Building the IBM 4758 secure coprocessor. Computer, 34(10):57–66, 2001.
Roberto Gallo, Henrique Kawakami, and Ricardo Dahab. On device identity establishment and verification. In Proc of EuroPKI’09 Sixth European Workshop on Public Key Services, Applications and Infrastructures, September 2009.
Roberto Gallo, Henrique Kawakami, Ricardo Dahab, Rafael Azevedo, Saulo Lima, and Guido Araujo. A hardware trusted computing base for direct recording electronic vote machines. Austin, Texas, USA, 2010. ACM.
Warren A. Hunt. Mechanical mathematical methods for microprocessor verification. In Rajeev Alur and Doron A. Peled, editors, Computer Aided Verification, volume 3114 of Lecture Notes in Computer Science, pages 274–276. Springer Berlin Heidelberg, 2004.
Hiroaki Iwashita, Satoshi Kowatari, Tsuneo Nakata, and Fumiyasu Hirose. Automatic test program generation for pipelined processors. In Proceedings of the 1994 IEEEACM international conference on Computer-aided design, ICCAD 94, pages 580– 583, Los Alamitos, CA, USA, 1994. IEEE Computer Society Press.
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, and Zhenghong Wang. Architecture for protecting critical secrets in microprocessors. SIGARCH Comput. Archit. News, 33:2–13, May 2005.
A Mirjalili, S, and Lenstra. Security Observance throughout the Life-Cycle of Embedded Systems. In International Conference on Embedded Systems, 2008.
NIST. Security requirements for cryptographic modules, Federal Information Processing Standards Publication (FIPS PUB) 140-2, 2002.
E. Oksuzoglu and D.S. Wallach. VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine (Short Paper). usenix.org, 2009.
John P., Dwoskin, and Ruby B. Lee. A framework for testing hardware-software security architectures. Austin, Texas, USA, 2010. ACM.
Bryan D. Payne, Martim Carbone, Monirul Sharif, and Wenke Lee. Lares: An architecture for secure active monitoring using virtualization. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, pages 233–247, Washington, DC, USA, 2008. IEEE Computer Society.
Nick L. Petroni, Jr., Timothy Fraser, Jesus Molina, and William A. Arbaugh. Copilot a coprocessor-based kernel runtime integrity monitor. In Proceedings of the 13th 83 conference on USENIX Security Symposium Volume 13, SSYM’04, pages 13–13, Berkeley, CA, USA, 2004. USENIX Association.
Sandip Ray and Warren A. Hunt. Deductive verification of pipelined machines using firstorder quantification. In Rajeev Alur and Doron A. Peled, editors, Computer Aided Verification, volume 3114 of Lecture Notes in Computer Science, pages 254–256. Springer Berlin Heidelberg, 2004.
Naveen K Sastry. Verifying security properties in electronic voting machines. PhD thesis, University Of California, Berkeley, 2007.
F. Schneider, Greg Morrisett, and Robert Harper. A language-based approach to security. In Informatics, pages 86–101. Springer, 2001.
K. Shimizu, H. P. Hofstee, and J. S. Liberty. Cell broadband engine processor vault security architecture. IBM J. Res. Dev., 51(5):521–528, 2007.
G. Edward Suh, Charles W. O’Donnell, and Srinivas Devadas. Aegis: A single-chip secure processor. IEEE Design and Test of Computers, 24(6):570–580, 2007.
The Common Criteria Recognition Agreement. Common criteria for information technology security evaluation v3.1 revision 3, July 2009.
Trusted Computing Group. Trusted Platform Module Main Description Level 2 version 1.2 revision 116, March 2011.
Paul D. Williams. CuPIDS: increasing information system security through the use of dedicated co-processing. PhD thesis, West Lafayette, IN, USA, 2005. AAI3191586.
Benjie Chen and Robert Morris. Certifying program execution with secure processors. In HOTOS’03: Proceedings of the 9th conference on Hot Topics in Operating Systems, pages 23–23, Berkeley, CA, USA, 2003. USENIX Association.
Victor Costan, Luis F. Sarmenta, Marten van Dijk, and Srinivas Devadas. The Trusted Execution Module: Commodity General-Purpose Trusted Computing. In CARDIS ’08: Proceedings of the 8th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, pages 133–148, Berlin, Heidelberg, 2008. Springer-Verlag.
Joan G. Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert van Doorn, Sean W. Smith, and Steve Weingart. Building the IBM 4758 secure coprocessor. Computer, 34(10):57–66, 2001.
Roberto Gallo, Henrique Kawakami, and Ricardo Dahab. On device identity establishment and verification. In Proc of EuroPKI’09 Sixth European Workshop on Public Key Services, Applications and Infrastructures, September 2009.
Roberto Gallo, Henrique Kawakami, Ricardo Dahab, Rafael Azevedo, Saulo Lima, and Guido Araujo. A hardware trusted computing base for direct recording electronic vote machines. Austin, Texas, USA, 2010. ACM.
Warren A. Hunt. Mechanical mathematical methods for microprocessor verification. In Rajeev Alur and Doron A. Peled, editors, Computer Aided Verification, volume 3114 of Lecture Notes in Computer Science, pages 274–276. Springer Berlin Heidelberg, 2004.
Hiroaki Iwashita, Satoshi Kowatari, Tsuneo Nakata, and Fumiyasu Hirose. Automatic test program generation for pipelined processors. In Proceedings of the 1994 IEEEACM international conference on Computer-aided design, ICCAD 94, pages 580– 583, Los Alamitos, CA, USA, 1994. IEEE Computer Society Press.
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, and Zhenghong Wang. Architecture for protecting critical secrets in microprocessors. SIGARCH Comput. Archit. News, 33:2–13, May 2005.
A Mirjalili, S, and Lenstra. Security Observance throughout the Life-Cycle of Embedded Systems. In International Conference on Embedded Systems, 2008.
NIST. Security requirements for cryptographic modules, Federal Information Processing Standards Publication (FIPS PUB) 140-2, 2002.
E. Oksuzoglu and D.S. Wallach. VoteBox Nano: A Smaller, Stronger FPGA-based Voting Machine (Short Paper). usenix.org, 2009.
John P., Dwoskin, and Ruby B. Lee. A framework for testing hardware-software security architectures. Austin, Texas, USA, 2010. ACM.
Bryan D. Payne, Martim Carbone, Monirul Sharif, and Wenke Lee. Lares: An architecture for secure active monitoring using virtualization. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, pages 233–247, Washington, DC, USA, 2008. IEEE Computer Society.
Nick L. Petroni, Jr., Timothy Fraser, Jesus Molina, and William A. Arbaugh. Copilot a coprocessor-based kernel runtime integrity monitor. In Proceedings of the 13th 83 conference on USENIX Security Symposium Volume 13, SSYM’04, pages 13–13, Berkeley, CA, USA, 2004. USENIX Association.
Sandip Ray and Warren A. Hunt. Deductive verification of pipelined machines using firstorder quantification. In Rajeev Alur and Doron A. Peled, editors, Computer Aided Verification, volume 3114 of Lecture Notes in Computer Science, pages 254–256. Springer Berlin Heidelberg, 2004.
Naveen K Sastry. Verifying security properties in electronic voting machines. PhD thesis, University Of California, Berkeley, 2007.
F. Schneider, Greg Morrisett, and Robert Harper. A language-based approach to security. In Informatics, pages 86–101. Springer, 2001.
K. Shimizu, H. P. Hofstee, and J. S. Liberty. Cell broadband engine processor vault security architecture. IBM J. Res. Dev., 51(5):521–528, 2007.
G. Edward Suh, Charles W. O’Donnell, and Srinivas Devadas. Aegis: A single-chip secure processor. IEEE Design and Test of Computers, 24(6):570–580, 2007.
The Common Criteria Recognition Agreement. Common criteria for information technology security evaluation v3.1 revision 3, July 2009.
Trusted Computing Group. Trusted Platform Module Main Description Level 2 version 1.2 revision 116, March 2011.
Paul D. Williams. CuPIDS: increasing information system security through the use of dedicated co-processing. PhD thesis, West Lafayette, IN, USA, 2005. AAI3191586.
Publicado
06/11/2011
Como Citar
GALLO, Roberto; KAWAKAMI, Henrique; DAHAB, Ricardo.
SCuP - Secure Cryptographic Microprocessor. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 11. , 2011, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2011
.
p. 71-84.
DOI: https://doi.org/10.5753/sbseg.2011.20564.
