Building a High-Performance, Programmable Secure Coprocessor
Sean W. Smith - IBM T.J. Watson Research Center
May 01, 1998
AbstractSecure coprocessors enable secure distributed applications by providing safe havens where an application program can execute (and accumulate state), free of observation and interference by an adversary with direct physical access to the device. However, for these coprocessors to be effective, participants in such applications must be able to verify that they are interacting with an authentic program on an authentic, untampered device. Furthermore, secure coprocessors that support general-purpose computation and will be manufactured and distributed as commercial products must provide these core sanctuary and authentication properties while also meeting many additional challenges, including:
- the applications, operating system, and underlying security management may all come from different, mutually suspicious authorities;
- configuration and maintenance must occur in a hostile environment, while minimizing disruption of operations;
- the device must be able to recover from the vulnerabilities that inevitably emerge in complex software;
- hardware constraints dictate that support for advanced cryptography depends on reloadable software; and
- physical security dictates that the device itself can never be opened and examined.
This talk summarizes the hardware, software, and cryptographic architecture we developed to address these problems. Furthermore, with our colleagues, we have implemented this solution, now available as a commercial product---and as a research tool.
Joint work with Steve Weingart.
About the SpeakerSean received his M.S. and Ph.D. in CS from CMU, but did his undergrad work in math at Princeton. Sean left Los Alamos National Laboratory for IBM Research in order to see that a device likes this finally would exist.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.