Cryptology ePrint Archive: Report 2014/136

Isolated Execution on Many-core Architectures

Ramya Jayaram Masti and Devendra Rai and Claudio Marforio and Srdjan Capkun

Abstract: We explore how many-core platforms can be used to enhance the security of future systems and to support important security properties such as runtime isolation using a small Trusted Computing Base (TCB). We focus on the Intel Single-chip Cloud Computer (SCC) to show that such properties can be implemented in current systems. We design a system called \archname{} which offers strong security properties while maintaining high performance and flexibility enabled by a small centralized security kernel. We further implement and evaluate the feasibility of our design. Currently, our prototype security kernel is able to execute applications in isolation and accommodate dynamic resource requests from them.

We show that, with minor modifications, many-core architectures can offer some unique security properties, not supported by existing single- and multi-core architectures, such as application context awareness. Context awareness, a new security property that we define and explore in this work, allows each application to discover, without any interaction with the security kernel, which other parts of the system are allowed to interact with it and access its resources. We also discuss how an application can use context awareness to defend itself from an unlikely, yet potentially compromised security kernel.

Category / Keywords: many-core systems; hardware security; architecture; isolation

Date: received 21 Feb 2014, last revised 22 Feb 2014

Contact author: rmasti at inf ethz ch

Available format(s): PDF | BibTeX Citation

Version: 20140224:033454 (All versions of this report)

Short URL: ia.cr/2014/136

Discussion forum: Show discussion | Start new discussion