SecureBlue++: CPU Support for Secure Executables

To protect software and data against vulnerabilities and malware, we describe simple extensions to the Power Architecture for running Secure Executables. By using a combination of cryptographic techniques and context labeling in the CPU, these Secure Executables are protected on disk, in memory, and through all stages of execution against malicious or compromised software, and other hardware. We show that this can be done without significant performance penalty; additionally, our transparency-focused approach maintains ease of software deployment. Secure Executables can run simultaneously with unprotected executables; existing binaries can be transformed directly into Secure Executables by re-linking. Moreover, Secure Executables can safely make use of system calls provided by an untrusted operating system. In sum, we show that a simple set of processor modifications suffices to provide secure execution in an untrusted environment, without significant changes to the executable.

By: Rick Boivie, Peter Williams

Published in: RC25369 in 2013

rc25369.pdf
