Paper 2014/136

Isolated Execution on Many-core Architectures

Ramya Jayaram Masti, Devendra Rai, Claudio Marforio, and Srdjan Capkun


We explore how many-core platforms can be used to enhance the security of future systems and to support important security properties such as runtime isolation using a small Trusted Computing Base (TCB). We focus on the Intel Single-chip Cloud Computer (SCC) to show that such properties can be implemented in current systems. We design a system called \archname{} which offers strong security properties while maintaining high performance and flexibility enabled by a small centralized security kernel. We further implement and evaluate the feasibility of our design. Currently, our prototype security kernel is able to execute applications in isolation and accommodate dynamic resource requests from them. We show that, with minor modifications, many-core architectures can offer some unique security properties, not supported by existing single- and multi-core architectures, such as application context awareness. Context awareness, a new security property that we define and explore in this work, allows each application to discover, without any interaction with the security kernel, which other parts of the system are allowed to interact with it and access its resources. We also discuss how an application can use context awareness to defend itself from an unlikely, yet potentially compromised security kernel.

Available format(s)
Publication info
Preprint. MINOR revision.
many-core systemshardware securityarchitectureisolation
Contact author(s)
rmasti @ inf ethz ch
2014-02-24: received
Short URL
Creative Commons Attribution


      author = {Ramya Jayaram Masti and Devendra Rai and Claudio Marforio and Srdjan Capkun},
      title = {Isolated Execution on Many-core Architectures},
      howpublished = {Cryptology ePrint Archive, Paper 2014/136},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.