Paper 2014/136
Isolated Execution on Many-core Architectures
Ramya Jayaram Masti, Devendra Rai, Claudio Marforio, and Srdjan Capkun
Abstract
We explore how many-core platforms can be used to enhance the security of future systems and to support important security properties such as runtime isolation using a small Trusted Computing Base (TCB). We focus on the Intel Single-chip Cloud Computer (SCC) to show that such properties can be implemented in current systems. We design a system called \archname{} which offers strong security properties while maintaining high performance and flexibility enabled by a small centralized security kernel. We further implement and evaluate the feasibility of our design. Currently, our prototype security kernel is able to execute applications in isolation and accommodate dynamic resource requests from them. We show that, with minor modifications, many-core architectures can offer some unique security properties, not supported by existing single- and multi-core architectures, such as application context awareness. Context awareness, a new security property that we define and explore in this work, allows each application to discover, without any interaction with the security kernel, which other parts of the system are allowed to interact with it and access its resources. We also discuss how an application can use context awareness to defend itself from an unlikely, yet potentially compromised security kernel.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- many-core systemshardware securityarchitectureisolation
- Contact author(s)
- rmasti @ inf ethz ch
- History
- 2014-02-24: received
- Short URL
- https://ia.cr/2014/136
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/136, author = {Ramya Jayaram Masti and Devendra Rai and Claudio Marforio and Srdjan Capkun}, title = {Isolated Execution on Many-core Architectures}, howpublished = {Cryptology {ePrint} Archive, Paper 2014/136}, year = {2014}, url = {https://eprint.iacr.org/2014/136} }