Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. Tree-based strategies can be deployed to reduce this… (More)
Trusted computing platforms aim to provide trust in computations performed by sensitive applications. Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. After a description of the active attacks… (More)
We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent… (More)
Introduction Objective 9 Provide application memory authentication: What the application reads from a memory location is what it last wrote there.
—Secure processors have become increasingly important for trustworthy computing as security breaches escalate. By providing hardware-level protection, a secure processor ensures a safe computing environment where confidential data and applications can be protected against both hardware and software attacks. In this paper, we present a single-chip secure… (More)
À ma mère Lise et mon père Robert Merci d'avoir toujours cru en moi iv Abstract Security-critical tasks executing on general-purpose computers require protection against software and hardware attacks to achieve their security objectives. Security services providing this protection can be offered by mechanisms rooted in processor hardware, since its storage… (More)
Confidentiality and integrity of bitstreams and authenticated update of FPGA configurations are fundamental to trusted computing on reconfigurable technology. In this paper, we propose to provide these security services for digital content broadcast to FPGA-based devices. To that end, we introduce a new property we call forward security, which ensures that… (More)
Remote update of hardware platforms or embedded systems is a convenient service enabled by Field Programmable Gate Array (FPGA)-based systems. This service is often essential in applications like space-based FPGA systems or set-top boxes. However, having the source of the update be remote from the FPGA system opens the door to a set of attacks that may… (More)
The work reported here derives from Project 2.23 "I feel more confident when interpreting the … standards. My ability to set criteria, design appropriate tasks and develop scoring based on these standards was non-existent two weeks ago. Today, I have set criteria, modified tasks and developed scoring guides all based on two related … standards." (East Coast… (More)
SUMMARY Researcher with expertise in computer security, computer architecture, applied cryptography and hardware design and experience in both academia and industry. Interested in building trusted and efficient computing systems by combining cryptographic principles with advance in computer architecture and hardware design.