Enforcing Information Flow Guarantees in Reconfigurable Systems with Mix-trusted IP
Authors
Abstract
Trusted systems fundamentally rely on the ability to tightly control the flow of information both into and out of the device. Because they are inherently programmable, reconfigurable systems are riddled with potential security holes (timing channels, undefined behaviors, storage channels, backdoors) that an attacker can use as a foothold. System designers are constantly forced to respond to these attacks, often only after significant damage has been done. We propose to turn the reconfigurable nature of the system to our advantage by taking a bottom-up, hardware-based approach to security. Starting from an information flow secure hardware foundation that can precisely track every information flow at the level of Boolean gates, security can be verified all the way up the system stack. This can be used to ensure that private keys are never leaked (for secrecy) and that untrusted information is never used in making critical decisions (for safety and fault tolerance).
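The abstract only states that information flows can be tracked precisely "at the level of Boolean gates". As an added illustration (not code from the paper or from this page), the following Python model shows how this works in the style of gate-level information flow tracking (GLIFT) shadow logic: every wire carries a value bit and a taint bit, and each gate's taint rule marks the output tainted only when a tainted input can actually change the output value. Treating the abstract's approach as GLIFT is an assumption; the 4-bit key register, the debug-enable mux and the key value are constructed for the example.

```python
"""Gate-level information flow tracking (GLIFT-style shadow logic), simulated.

A Wire is a (value, taint) pair.  Taint = 1 means the bit carries information
derived from a secret (or untrusted) source.  The rules below are *precise*:
an output is tainted iff some change to the tainted inputs alters the output.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Wire:
    v: int  # logic value, 0 or 1
    t: int  # taint bit, 0 or 1


def NOT(a: Wire) -> Wire:
    return Wire(1 - a.v, a.t)            # an inverter passes taint unchanged


def AND(a: Wire, b: Wire) -> Wire:
    # a tainted input is irrelevant when the other, untainted, input is 0
    t = (a.t & b.v) | (b.t & a.v) | (a.t & b.t)
    return Wire(a.v & b.v, t)


def OR(a: Wire, b: Wire) -> Wire:
    # a tainted input is irrelevant when the other, untainted, input is 1
    t = (a.t & (1 - b.v)) | (b.t & (1 - a.v)) | (a.t & b.t)
    return Wire(a.v | b.v, t)


def XOR(a: Wire, b: Wire) -> Wire:
    return Wire(a.v ^ b.v, a.t | b.t)    # any tainted input always flips XOR


def MUX(sel: Wire, d0: Wire, d1: Wire) -> Wire:
    # out = d1 if sel else d0, built from gates so taint is derived, not hand-written
    return OR(AND(NOT(sel), d0), AND(sel, d1))


def flows(gate, a: Wire, b: Wire) -> int:
    """Ground truth: can varying the tainted inputs change the gate's output?"""
    base = gate(Wire(a.v, 0), Wire(b.v, 0)).v
    a_vals = (0, 1) if a.t else (a.v,)
    b_vals = (0, 1) if b.t else (b.v,)
    return int(any(gate(Wire(av, 0), Wire(bv, 0)).v != base
                   for av in a_vals for bv in b_vals))


def shadow_logic_is_precise() -> bool:
    """Exhaustively check each 2-input gate's taint rule against flows()."""
    for gate in (AND, OR, XOR):
        for av, bv, at, bt in product((0, 1), repeat=4):
            a, b = Wire(av, at), Wire(bv, bt)
            if gate(a, b).t != flows(gate, a, b):
                return False
    return True


def key_leaks_to_output(debug_enabled: int) -> bool:
    """Constructed circuit: a secret 4-bit key register is routed to an
    observable output through a debug mux.  With debug off, the shadow
    logic proves no key bit reaches the output; with debug on, it flags it."""
    key = [Wire(b, 1) for b in (1, 0, 1, 1)]     # assumed secret key, all bits tainted
    zero = [Wire(0, 0)] * 4                       # untainted constant
    dbg = Wire(debug_enabled, 0)                  # untainted control signal
    out = [MUX(dbg, z, k) for z, k in zip(zero, key)]
    return any(w.t for w in out)


def mux_select_overapproximates() -> bool:
    """Caveat: composing precise per-gate rules is sound but can be
    conservative.  With d0 == d1 the select cannot influence the output,
    yet the gate-by-gate shadow logic still reports a flow from it."""
    sel, d = Wire(0, 1), Wire(1, 0)
    return MUX(sel, d, d).t == 1


if __name__ == "__main__":
    print("per-gate rules precise:", shadow_logic_is_precise())
    print("key leaks, debug off:", key_leaks_to_output(0))
    print("key leaks, debug on: ", key_leaks_to_output(1))
    print("mux over-approximates tainted select:", mux_select_overapproximates())
```

The last function is the practical caveat: per-gate precision does not give whole-circuit precision, so a gate-level checker never misses a flow but may report some that cannot happen, which is why the same circuit can be analysed at coarser or finer granularity depending on how much false-positive noise is acceptable.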
Similar resources
SeReCon: a secure reconfiguration controller for self-reconfigurable systems
A risk of covert insertion of circuitry into reconfigurable computing (RC) systems exists. This paper reviews risks of hardware attack on field programmable gate array (FPGA)-based RC systems and proposes a method for secure system credentials generation (unique, random and partially anonymous) and trusted self-reconfiguration, using a secure reconfiguration controller (SeReCon) and partial rec...
Hardware Enforcement of Application Security Policies Using Tagged Memory
Computers are notoriously insecure, in part because application security policies do not map well onto traditional protection mechanisms such as Unix user accounts or hardware page tables. Recent work has shown that application policies can be expressed in terms of information flow restrictions and enforced in an OS kernel, providing a strong assurance of security. This paper shows that enforce...
Design of the EROS Trusted Window System
Window systems are the primary mediator of user input and output in modern computing systems. They are also a commonly used interprocess communication mechanism. As a result, they play a key role in the enforcement of security policies and the protection of sensitive information. A user typing a password or passphrase must be assured that it is disclosed exclusively to the intended program. In ...
Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients
Existing approaches for protecting sensitive information stored (outsourced) at external "honest-but-curious" servers are typically based on an overlying layer of encryption applied to all of the information, or on a combination of fragmentation and encryption. The computational load imposed by encryption makes such approaches unsuitable for scenarios with lightweight clients. In this...
The EROS Trusted Window System
Window systems are the primary mediator of user input and output in modern computing systems. As a result, they play a key role in the enforcement of security policies and the protection of sensitive information. A user typing a password or passphrase must be assured that it is disclosed exclusively to the intended program. The interprocess communication functionality that underlies “cut and pa...