The Intel 80×86 processor architecture: pitfalls for secure systems

Authors: Olin Sibert, Phillip A. Porras, Robert Lindell
Published in: Proceedings 1995 IEEE Symposium on Security and Privacy

An in-depth analysis of the 80×86 processor families identifies architectural properties that may have unexpected, and undesirable, results in secure computer systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems. We discuss the imbalance in scrutiny for hardware protection mechanisms relative to software, and why this imbalance is increasingly difficult to…

Cache-based vulnerabilities and spam analysis

The motivation for this work was to produce and make available quantitative results to efficiently prevent spam, as well as to provide a better understanding of the behavior of spammers.

Microarchitectural Attacks and Countermeasures

The advances in the field, more specifically the desire to develop secure execution technologies such as AMD's Pacifica, Intel's virtualization technology (VT) and trusted execution technology (TXT) (codenamed LaGrande technology, or LT for short), play an important role in increasing the security analysis of everyday computer platforms.

A framework for dynamic subversion

It is shown that it is not difficult for an attacker to implement the framework for the 'two-card loader' type of subversion, a trap door which enables the insertion of arbitrary code into the operating system while the system is deployed and running.

Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor

An analysis of the virtualizability of all of the approximately 250 instructions of the Intel Pentium platform and address its ability to support a VMM.

Predicting Secret Keys Via Branch Prediction

A new software side-channel attack enabled by the branch prediction capability common to all modern high-performance CPUs, which allows an unprivileged process to attack other processes running in parallel on the same processor, despite sophisticated partitioning methods such as memory protection, sandboxing or even virtualization.

Yet another MicroArchitectural Attack: exploiting I-Cache

This paper introduces Instruction Cache (I-Cache) as yet another source of microarchitectural attacks and presents the experimental results which clearly prove the practicality and danger of I-Cache Attacks.

Trusted Hardware: Can It Be Trustworthy?

Although major challenges still confront secure software system development, there has been substantial progress and the notions of trust and trustworthiness are presented and challenges to trusted hardware development are explored.

A multi-threading architecture for multilevel secure transaction processing

A TCB and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment is presented. Our design exploits hardware

What Might We Mean By "Secure Code" and How Might We Teach What We Mean?

  • C. Irvine
  • Computer Science
    19th Conference on Software Engineering Education and Training Workshops (CSEETW'06)
  • 2006
To add precision to the term "secure code," several concepts from the area of high assurance system development are introduced. These allow the cost, in terms of organizational damage, to information

Low-Level Attacks on Avionics Embedded Systems

This paper presents experiments carried out on an experimental embedded operating system in order to assess vulnerabilities in its low-level implementation layers.



Security Concepts for Microprocessor Based Key Generator Controllers.

This study investigates how the three disciplines of architecture, software verification, and security failure analysis can be applied in a mutually supporting manner such that the resulting microprocessor based controller could be attested to provide the level of security and reliability needed for correct operation.

Verifying a hardware security architecture

  • J. Guttman, H. Ko
  • Computer Science
    Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1990
The main part of this study describes the use of the approach to specify and verify the security of the hardware architecture level of a hypothetical secure computing system.

Analysis of the Hardware Verification of the Honeywell SCOMP

  • V. Gligor
  • Computer Science
    1985 IEEE Symposium on Security and Privacy
  • 1985
An analysis of the verification approach used for the SCOMP hardware is presented herein and provides sufficient evidence to conclude that the SCOMP hardware forms a sound basis for the development of a security kernel.

A hierarchical methodology for verifying microprogrammed microprocessors

  • P. Windley
  • Computer Science, Engineering
    Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1990
A hierarchical methodology is presented for decomposing microprocessor verifications which reduces the necessary effort by more than an order of magnitude and produces a verified microengine that can be used to quickly implement verified microprocessors with varied architectures.

Reverification of a microprocessor

The authors have carried out a reverification of the FM8501 microprocessor using the State Delta Verification System, demonstrating that the verification community is capable of supporting its own results, drawing on the diversification of proof tools to provide independent validation of previous work.

A Taxonomy of Computer Program Security Flaws, with Examples

This paper provides a taxonomy for computer program security flaws together with an appendix that carefully documents 50 actual security flaws that provide a good introduction to the characteristics of security flaws and how they can arise.

Formal Verification and Implementation of a Microprocessor

This paper presents the specification of Gordon's computer in higher-order logic and a brief explanation of its formal verification, and describes several related examples of hardware verification based on Gordon’s computer and other microprocessor designs.

A taxonomy of computer program security flaws

This survey provides a taxonomy for computer program security flaws, with an Appendix that documents 50 actual security flaws that provide a good introduction to the characteristics of security flaws and how they can arise.

The Architecture of Triad: A Distributed, Real-Time, Trusted System

The background, design approach and tradeoffs, features, and architecture of the Triad system, a prototype trusted operating system development, are described.

Reducing timing channels with fuzzy time

  • Wei-Ming Hu
  • Computer Science
    Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy
  • 1991
Fuzzy time has proven to be highly effective against the timing channels in the VAX security kernel, and does so at a much lower-than-anticipated performance cost.