An Operating System Design for the Security Architecture for Microprocessors

  • Jörg Platte
  • Raúl Durán Díaz
  • Edwin Naroska
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4307)

Abstract

SAM is a processor extension used to protect execution of dedicated programs by preventing data disclosure and program manipulations in a multitasking environment. This paper presents an operating system design based on the Linux kernel for SAM. The design splits the kernel into a very small protected part and an unprotected part used by drivers and high level functions. Using this kernel protected and unprotected programs can be executed in parallel without diminishing the protection. The protection mechanism does not slow down the execution of unprotected programs, since it is only active during the execution of protected programs.

Keywords

Secure Operating Systems Certified Execution Encrypted Programs Secure Processors 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Suh, G.E.: AEGIS: A Single-Chip Secure Processor. PhD thesis, Massachusetts Institute of Technology (2005)Google Scholar
  2. 2.
    Platte, J., Naroska, E.: A combined hardware and software architecture for secure computing. In: CF 2005: Proceedings of the 2nd conference on Computing frontiers, pp. 280–288. ACM Press, New York (2005)CrossRefGoogle Scholar
  3. 3.
    Platte, J., Naroska, E., Grundmann, K.: A cache design for a security architecture for microprocessors (SAM). In: Grass, W., Sick, B., Waldschmidt, K. (eds.) ARCS 2006. LNCS, vol. 3894, pp. 435–449. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  4. 4.
    SPARC International Inc.: The Sparc Architecture Manual Version 8. SPARC International Inc. (1991), http://www.sparc.com
  5. 5.
    Gassend, B., Clarke, D., Suh, G.E., van Dijk, M., Devadas, S.: Caches and Hash Trees for Efficient Memory Integrity Verification. In: Proceedings of the Ninth International Symposium on High Performance Computer Architecture (HPCA-9) (2003)Google Scholar
  6. 6.
    Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE (ed.) IEEE Symposium on Security and Privacy, 1109 Spring Street, Suite 300, Silver Spring, MD 20910, USA, pp. 122–134. IEEE Computer Society Press, Los Alamitos (1980)Google Scholar
  7. 7.
    Intel Corporation: LaGrande Technology Preliminary Architecture Specification (2006), ftp://download.intel.com/technology/security/downloads/PRELIM-LT-SPEC_D52212.pdf
  8. 8.
    Intel Corporation: LaGrande Technology Architectural Overview (2003), ftp://download.intel.com/technology/security/downloads/LT_Arch_Overview.pdf
  9. 9.
    Microsoft: Next-generation secure computing base (2006), http://www.microsoft.com/resources/ngscb/
  10. 10.
    Trusted Computing Group: TPM main part 1 design principle, specification version 1.2, revision 94 (2006), https://www.trustedcomputinggroup.org/groups/tpm
  11. 11.
    Trusted Computing Group (2006), https://www.trustedcomputinggroup.org/
  12. 12.
    Lie, D., Thekkath, C.A., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J.C., Horowitz, M.: Architectural support for copy and tamper resistant software (2000)Google Scholar
  13. 13.
    Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of USENIX 2005 Annual Technical Conference, pp. 41–46 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jörg Platte
    • 1
  • Raúl Durán Díaz
    • 1
  • Edwin Naroska
    • 1
  1. 1.Institut für Roboterforschung, Abteilung InformationstechnikUniversität DortmundGermany

Personalised recommendations