SecureBlue++: CPU Support for Secure Execution

IBM Research has been developing an innovative secure processor architecture that provides for verifiably secure applications [1,2]. The architecture protects the confidentiality and integrity of information in an application so that "other software" cannot access that information or undetectably tamper with it. In addition to protecting a secure application from attacks from "outside" the application, the architecture also protects against attempts to introduce malware "inside" the application via attacks such as buffer overflow or stack overflow attacks.

This architecture provides a foundation for strong end-to-end security in a network or cloud environment.

The architecture, which we call SecureBlue++, builds upon our SecureBlue secure processor technology [3], which has been used in tens of millions of CPU chips to protect sensitive information from physical attacks. In a SecureBlue system, information is "in the clear" when it is inside the CPU chip but encrypted whenever it is outside the chip. This encryption protects the confidentiality and integrity of code and data from physical probing or physical tampering.

Like SecureBlue, SecureBlue++ protects against physical attacks, but it uses "fine-grained" SecureBlue-like crypto protection that also protects the confidentiality and integrity of information in an application from all the other software on a system. Importantly, it does this in a way that is largely transparent to applications.

By: Rick Boivie

Published in: RC25287 in 2012
