Introduction to the Citadel Architecture: Security in Physically Exposed Environments

This document is an introduction to the Citadel architecture. It addresses the means by which systems can be protected from compromise due to physical attacks.

This work is part of a project in the Distributed Security Systems group in the Research Division. It draws upon architectural ideas from the IBM Transaction Security System [IBM91], the IBM Integrated Cryptographic Feature [lBM90b], and from previous work on secure processors in the Research Division.

This architecture is intended to be independent of the particular computing system, and computing environment, in which it is used. We will, however, use it as a basis for developing a prototype secure processor for an IBM PS/2 running under the OS/2 operating system.

Substantial changes from the previous version of the document are marked by bars to the left of the text, as on this paragraph. Minor typographical and punctuation corrections are not marked.


Published in: RC16672 in 1991


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.


Questions about this service can be mailed to .