Prof. Jakub Szefer, Computer Architecture and Security Laboratory, Dept. of Electrical Engineering, Yale University.
The objective of this tutorial is to present the principles of secure processor architecture design to the audience. At the heart of each computing system there are one or more processors that execute programs and manipulate the data, some of which may be sensitive, such as medical records or trade secrets. As silicon real estate has become more and more abundant, over the years, processor architects have added new dedicated hardware security features to accelerate cryptographic protections, but more importantly, to provide protections for the code and data. The tutorial will overview the so-called “secure processor architectures”, present design patterns that can be gleaned from the existing research works, and will derive the principles that inform design of the secure processor architectures. Adding security features in hardware has certain challenges, and the tutorial will aim to highlight these – and the common solutions. Defining of what has to be secured and how is often a subjective choice based on qualitative arguments, unlike quantitative choices that computer architects are often used to making, so the tutorial will cover common threat models and how they have been addressed. Moreover, once made, the hardware cannot be easily changed necessitating careful design of the security features in the first place – the tutorial will aim to educate the audience about the features that the secure processor architectures should contain.
Information will also be included about features found in Intel SGX, ARM TrustZone and new AMD memory encryption technologies. The tutorial, however, is not meant as a tutorial about specific industry processors, rather, it is a research-focused summary of the basic principles of secure processor architecture design developed by computer architects, including the tutorial presenter, over many years and which now are finally finding their way into commercial products.
The tutorial is based on a book recently published by the presenter. This tutorial will complement the book with new material, while the book gives a more in-depth discussion of the topics covered in the tutorial. It is available for purchase, or many univesities provide free PDF version of the book through their electronic subscriptons.
Tutorial slides will be posted during the tutorial day for participants to download.
This tutorial is an updated version of a tutorial previously presented at HOST 2018 and HiPEAC 2019.