Architecture for Protecting Critical Secrets in Microprocessors

Abstract: We propose "secret-protected (SP)

“…The trusted computing base of the SecureCore transient trust architecture [5] is provided by the SP processor [6][2], the Trusted Management Layer (TML), a Trusted Executive (TE) that provides execution services for high integrity applications, and the Trusted Path Application (TPA); see Figure 1.…”

“…The TSM communicates with a remote central authority (the Authority) through a channel that is encrypted with the SP hardware-based Device Root Key (DRK). [6][2] The application TSM can invoke the available services of the client OS or the TML -in particular it can access the TML's trusted display conduit.…”

“…Cryptographic validation of data integrity is performed (the validation protocol is outside the scope of this report) and if the validation fails, a resend of the message is requested, or the TSM exits with an appropriate error message. The application TSM then invokes a TML TSM module, through a TML call gate (6). The TML TSM reads the clear text using SP Secure_Load and then uses regular store instructions to write the data to a TML buffer (buffer 2) (7).…”

Use of Trusted Software Modules for Emergency-Integrity Display

“…The trusted computing base of the SecureCore transient trust architecture [5] is provided by the SP processor [6][2], the Trusted Management Layer (TML), a Trusted Executive (TE) that provides execution services for high integrity applications, and the Trusted Path Application (TPA); see Figure 1.…”

“…The TSM communicates with a remote central authority (the Authority) through a channel that is encrypted with the SP hardware-based Device Root Key (DRK). [6][2] The application TSM can invoke the available services of the client OS or the TML -in particular it can access the TML's trusted display conduit.…”

“…Cryptographic validation of data integrity is performed (the validation protocol is outside the scope of this report) and if the validation fails, a resend of the message is requested, or the TSM exits with an appropriate error message. The application TSM then invokes a TML TSM module, through a TML call gate (6). The TML TSM reads the clear text using SP Secure_Load and then uses regular store instructions to write the data to a TML buffer (buffer 2) (7).…”

Use of Trusted Software Modules for Emergency-Integrity Display

“…The use of untrustworthy data for jump target addresses can be prevented by tagging all data coming from untrustworthy channels [21,22]; however, this approach requires relatively complex tracking of spurious data propagation and may produce false alarms. More comprehensive secure architectures that are directly related to this work include execute-only memory (XOM) [1], an architecture for protecting critical secrets in microprocessors [23], an architecture for memory integrity verification [24], a XOM-like architecture with fast one-time-pad encryption [3], an architecture for runtime verification of instruction block signatures [4], and a hardware/software platform for intrusion prevention [9].…”

A low overhead hardware technique for software integrity and confidentiality

“…The platform must support the integration of the Secret Protected (SP) architecture to provide a safe environment for per-user cryptographic processing [5]. The original SP design must be enhanced to support virtualization to prevent covert channels.…”

Preliminary Security Requirements for SecureCore Hardware