Principles of Secure Processor Architecture Design

With growing interest in computer security and the protection of the code and data which execute on commodity computers, the amount of hardware security features in today's processors has increased significantly over the recent years. No longer of just academic interest, security features inside processors have been embraced by industry as well, with a number of commercial secure processor architectures available today. This book aims to give readers insights into the principles behind the design of academic and commercial secure processor architectures. Secure processor architecture research is concerned with exploring and designing hardware features inside computer processors, features which can help protect confidentiality and integrity of the code and data executing on the processor. Unlike traditional processor architecture research that focuses on performance, efficiency, and energy as the first-order design objectives, secure processor architecture design has security as the first-order design objective (while still keeping the others as important design aspects that need to be considered).

This book aims to present the different challenges of secure processor architecture design to graduate students interested in research on architecture and hardware security and computer architects working in industry interested in adding security features to their designs. It aims to educate readers about how the different challenges have been solved in the past and what are the best practices, i.e., the principles, for design of new secure processor architectures. Based on the careful review of past work by many computer architects and security researchers, readers also will come to know the five basic principles needed for secure processor architecture design. The book also presents existing research challenges and potential new research directions. Finally, this book presents numerous design suggestions, as well as discusses pitfalls and fallacies that designers should avoid.

Autorentext

Jakub Szefers research interests are at the intersection of computer architecture and hardware security. Jakubs recent projects focus on security verification of processor architectures; hardware (FPGA) implementation of cryptographic algorithms, especially post-quantum cryptographic (PQC) algorithms; Cloud FPGA security; designs of new Physically Unclonable Functions (PUFs); and leveraging physical properties of computer hardware for new cryptographic and security applications. Jakubs research is currently supported through National Science Foundation and industry donations. Jakub is a recipient of a 2017 NSF CAREER award. In the summer of 2013, he became an Assistant Professor of Electrical Engineering at Yale University, where he started the Computer Architecture and Security Laboratory (CAS Lab). Prior to joining Yale, he received Ph.D. and M.A. degrees in Electrical Engineering from Princeton University, where he worked with his advisor, Prof. Ruby B. Lee, on secure processor architectures. He received a B.S. with highest honors in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign.

Inhalt
Preface.- Acknowledgments.- Introduction.- Basic Computer Security Concepts.- Secure Processor Architectures.- Trusted Execution Environments.- Hardware Root of Trust.- Memory Protections.- Multiprocessor and Many-Core Protections.- Side-Channel Threats and Protections.- Security Verification of Processor Architectures.- Principles of Secure Processor Architecture Design.- Bibliography.- Online Resources.- Author's Biography.