The AEGIS Processor Architecture for Tamper-Evident and Tamper-Resistant Processing
Author(s)Suh, G. Edward; Clarke, Dwaine; Gassend, Blaise; van Dijk, Marten; Devadas, Srinivas
We describe the architecture for a single-chip AEGIS processor which can be used to build computing systems secure against both physical and software attacks. Our architecture assumes that all components external to the processor, such as memory, are untrusted. We show two different implementations. In the first case, the core functionality of the operating system is trusted and implemented in a security kernel. We also describe a variant implementation assuming an untrusted operating system. AEGIS provides users with tamper-evident, authenticated environments in which any physical or software tampering by an adversary is guaranteed to be detected, and private and authenticated tamper-resistant environments where additionally the adversary is unable to obtain any information about software or data by tampering with, or otherwise observing, system operation. AEGIS enables many applications, such as commercial grid computing, secure mobile agents, software licensing, and digital rights management. We also present a new encryption/decryption method that successfully hides a significant portion of encryption/decryption latency, in comparison to a conventional direct encryption scheme. Efficient memory encryption and integrity verification enable the implementation of a secure computing system with the only trusted component being a single-chip AEGIS CPU. Preliminary simulation results indicate that the overhead of security mechanisms in AEGIS is reasonable.