Effective implementation of the cell broadband eng

EffectiveImplementationoftheCellBroadbandEngineTMIsolationLoaderMasanaMuraseIBMResearch,TokyoResearchLaboratory1623-14ShimotsurumaYamato-shi,Kanagawa-ken242-8502Japanmmasana@jp.ibm.comKannaShimizuIBMCorporation,IBMSystems&TechnologyGroupOneRogersSt,Cambridge,MA02142kannas@us.ibm.comWilfredPlouffeIBMResearch,AlmadenResearchCenter650HarryRoadSanJose,CA95120plouffe@almaden.ibm.comMasaharuSakamotoIBMResearch,TokyoResearchLaboratory1623-14ShimotsurumaYamato-shi,Kanagawa-ken242-8502Japansakamoto@jp.ibm.comABSTRACTThispaperpresentsthedesignandimplementationoftheCellBroadbandEngineTM(Cell/B.E.)isolationloaderwhichisapartoftheIBMSoftwareDevelopmentKitforMulticoreAcceleration[14].Ourisolationloaderisakeycomponentinrealizingsecureapplicationbootandencryptedapplicationexecution.Duringtheapplicationloadprocess,theisolationloaderfetches,validates,anddecryptsaSynergisticProces-sorElement(SPE)executable,establishingachainoftrustfromthehardwaretotheapplication.Sincenotallappli-cationsareSPEexecutables,wealsointroduceageneralsolution.Thisisaverificationserviceframeworkinwhichallapplicationsincludingsystemfunctionscanbeverifiedbytheisolationloaderimmediatelybeforeexecution.Wehaveappliedseveralnovelimplementationtechniquestotheisolationloader.Thecountermeasureimplementedinourisolationloaderagainstthesubstituted-ciphertextat-tackisgivenandourstagingtechniquetoallocatecontigu-ousworkingareasforapplicationsisalsointroduced.Theloadoverheadofthisloaderincludingapplicationfetch,val-idation(RSA-2048/SHA-1),anddecryption(RSA-2048andAES)islessthan50millisecondsonthe2.8GHzIBMPow-erXCell8iprocessor.Thisoverheadisreasonablecomparedwiththe500-millisecond2048-bitRSAsigningneededbytheTrustedPlatformModulechips[3].CategoriesandSubjectDescriptorsD.4.6[OperatingSystems]:SecurityandProtectionPermissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalorclassroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributedforprofitorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitationonthefirstpage.Tocopyotherwise,torepublish,topostonserversortoredistributetolists,requirespriorspecificpermissionand/orafee.CCS’09,November9–13,2009,Chicago,Illinois,USA.Copyright2009ACM978-1-60558-352-5/09/11...$10.00.GeneralTermsDesign,Performance,SecurityKeywordsCellBroadbandEngineTM,encrypt-then-sign,isolation,multi-core,substituted-ciphertextattack1.INTRODUCTIONAlthoughmodernCPUswithmultiplecoresarethepre-dominanttrendsforenhancingperformanceandpoweref-ficiency,themulti-corefeaturehasanotheraspectforcom-puterusage–isolation.In2005,Percival[6]reportedonasecurityflawofHyper-ThreadingTechnologybywhichma-licioussoftwarecouldstealsecretdatasuchasencryptionkeysorpasswordsfromcachesorregisters.Thisisbecausetwothreads,onealegitimatethreadhandlingasecretandtheotheramaliciousthreadobservingthelegitimatethread,cansharecachesandregisterswhentheyarerunningonthesameprocessorcore.Toaddresssuchsecurityrisks,itisnecessarytopreventillegalandunexpectedaccesstosharedresources.Themulti-coresystemallowsustoconfineeachthreadtothecorrespondingcoreswithconcurrentexecutionofthosethreads.Inparticular,ifthereisnodependencyamongthreads,wecanbenefitfrombothperformanceandsecurityenhancements.Weassumethreehardwaresecurityfeaturestorealizesuchasecureenvironment:(1)on-chipmemoryisolation,(2)runtimesecureboot,and(3)decryp-tionduringthesoftwareboot.TheCellBroadbandEngineTM(Cell/B.E.)[4]processorisoneofthemulti-coreprocessorssupportingsuchcapabili-ties.Asintroducedin[21],thesecurityfeaturesarecalledthesecureprocessingvault1,theruntimesecureboot,andthehardwarerootofsecrecy,respectively.Unlikecompetingsecuritysolutions,thisdesignisuniqueinthatevenifthe1AlsoreferredtoastheSynergisticProcessorUnit(SPU)isolationmode303supervisorysoftwaresuchastheoperatingsystemorthehy-pervisoriscompromised,theprocessisolationisguaranteed.Incontrast,mostsecurityarchitecturesrelyontheperpet-ualintegrityandsecurityoftheirsupervisorysoftwaretoprotectandseparatetheprocesses.Withthesefeatures,wecancreateanisolatedandsecuredomainoneachcorewhichisindependentofthetraditionalinsecuredomainwheretheoperatingsystemorthehypervisorisrunning.While[21]focusesonthesecurityhardwarearchitectureoftheCell/B.E.processoronly,wepresentthedetailedde-signandimplementationofoursecuritysoftwarestackfortheCell/B.E.processorinthispaper.Ourworkprovidesasecuresoftware-basedapplicationloaderminimizingtheapplicationloadoverheadontopoftheCell/B.E.processor.TheCell/B.E.processorvalidatesanddecryptstheSyner-gisticProcessorElement(SPE)isolationloaderfirst.After-ward,theauthorizedloadervalidatesanddecryptsasignedandencryptedapplication(secureapplication)everytimethesecureapplicationisinitiated.Inthisway,achain-of-trustisestablishedandmaintainedfromthehardwarelayeratthebottomtotheapplicationlayer.Thislayeredstruc-turegivesusflexibilityandportabilityforapplicationde-velopment.Thesoftware-basedapplicationloaderprovidesseparationofthehardwareandtheapplicationlayersothatifonechanges(forexample,adifferentcryptographicalgo-rithmisused),theotherisnotaffected.