An Analysis of the Intel 80×86 Security Architecture and Implementations
May 1996 (vol. 22, no. 5)
pp. 283-293

Abstract—An in-depth analysis of the 80×86 processor families identifies architectural properties that may have unexpected, and undesirable, results in secure computer systems. In addition, reported implementation errors in some processor versions render them undesirable for secure systems because of potential security and reliability problems. In this paper, we discuss the imbalance in scrutiny for hardware protection mechanisms relative to software, and why this imbalance is increasingly difficult to justify as hardware complexity increases. We illustrate this difficulty with examples of architectural subtleties and reported implementation errors.

[1] R.K. Agarwal, 80×86 Architecture and Programming. Prentice Hall, 1991.
[2] R.K. Bauer, R.J. Feiertag, B.L. Kahn, and W.F. Wilson, "Security Concepts for Microprocessor-Based Key Generator Controllers," Sytek Corporation TR-84009 (contract MDA904-82-C-0449), Apr. 1984.
[3] S.D. Crocker, E. Cohen, S. Landauer, and H. Orman, "Reverification of a Microprocessor," Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, Calif., pp. 166-176, 1988.
[4] W. Cullyer, "Implementing High Integrity Systems: The Viper Microprocessor," IEEE AES Magazine, May 1989.
[5] V.D. Gligor, "Analysis of the Hardware Verification of the Honeywell SCOMP," Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, Calif., pp. 32-43, 1985.
[6] J.D. Guttman and H.-P. Ko, "Verifying a Hardware Security Architecture," Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, Calif., pp. 333-344, 1990.
[7] W.-M. Hu, "Reducing Timing Channels with Fuzzy Time," Proc. IEEE Symp. Security and Privacy, pp. 8-20, 1991.
[8] R.L. Hummel, PC Magazine Programmer's Technical Reference: The Processor and Coprocessor. Emeryville, Calif.: Ziff-Davis Press, 1992.
[9] W.A. Hunt, "The Mechanical Verification of a Microprocessor Design," in D. Borrione, ed., From HDL Descriptions to Guaranteed Correct Circuit Designs. North-Holland, 1987.
[10] Microprocessors, Volume III: Pentium Processors, Order Number 241732, Intel Corporation, Santa Clara, Calif., 1994.
[11] Intel386 Microprocessor Family Programmer's Reference Manual, Order Number 230985, Intel Corporation, Santa Clara, Calif., 1989.
[12] Intel486 Microprocessor Family Programmer's Reference Manual, Order Number 240486-002, Intel Corporation, Santa Clara, Calif., 1992.
[13] Pentium Processor User's Manual, Volume 3: Architecture and Programming Manual, Order Number 241430-001, Intel Corporation, Santa Clara, Calif., 1994.
[14] Pentium Processor Specification Update, Order Number 242480-001, Intel Corporation, Santa Clara, Calif., 1995.
[15] J.J. Joyce, "Formal Verification and Implementation of a Microprocessor," in G. Birtwistle and P.A. Subrahmanyam, eds., VLSI Specification, Verification, and Synthesis. Kluwer Academic Press, 1988.
[16] P.A. Karger and R.R. Schell, Multics Security Evaluation: Vulnerability Analysis, Air Force Electronic Systems Division ESD-TR-74-193, vol. II, June 1974.
[17] P.A. Karger, personal communication, Oct. 1994.
[18] B.W. Lampson, "A Note on the Confinement Problem," Comm. ACM, vol. 16, no. 10, pp. 613-615, 1973.
[19] C. Landwehr et al., "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-255, Sept. 1994.
[20] B. Levy, I. Filippenko, L. Marcus, and T. Menas, "Using the State Delta Verification System (SDVS) for Hardware Verification," in Theorem Provers in Circuit Design, pp. 337-360. North-Holland, 1992.
[21] T. Mathisen, "Pentium Secrets," Byte Magazine, vol. 19, no. 7, pp. 191-192, July 1994.
[22] N. McAuliffe, "Extending Our Hardware Base: A Worked Example," Proc. National Computer Security Conf., Baltimore, Md., pp. 184-193, 1992.
[23] D. Methvin, "Compatible ... Or Not?," Windows Magazine, pp. 217-220, June 1994.
[24] Understanding x86 Microprocessors (a collection of 99 articles from Microprocessor Report). Emeryville, Calif.: Ziff-Davis Press, 1993.
[25] Final Evaluation Report: Honeywell Multics Release MR11.0, National Computer Security Center, NCSC Report CSC-EPL-85/003, Library No. S227,783, June 1986.
[26] Trusted Computer System Evaluation Criteria, National Computer Security Center, Dept. of Defense, DoD 5200.28-STD, Dec. 1985.
[27] E.J. Sebes, N. Kelem, T.C.V. Benzel, M. Bernstein, E. Cohen, J. Jones, J. King, M. Barnett, D.M. Gallon, and R. Zacjew, "The Architecture of Triad: A Distributed, Real-Time, Trusted System," Proc. National Computer Security Conf., Baltimore, Md., pp. 184-193, 1994.
[28] O. Sibert, P.A. Porras, and R. Lindell, "The Intel 80×86 Processor Architecture: Pitfalls for Secure Systems," Proc. IEEE Symp. Security and Privacy, Oakland, Calif., pp. 211-222, 1995.
[29] M.K. Srivas and S.P. Miller, "Applying Formal Verification to a Commercial Microprocessor," Proc. ASP-DAC95/CHDL95/VLSI95 Asia and South Pacific Design Automation Conf., pp. 493-502, Aug. 1995.
[30] J.L. Turley, Advanced 80386 Programming Techniques. Berkeley, Calif.: Osborne McGraw-Hill, 1988.
[31] F. Van Gilluwe, The Undocumented PC. Reading, Mass.: Addison-Wesley, 1994.
[32] P.J. Windley, "A Hierarchical Methodology for Verifying Microprogrammed Microprocessors," Proc. IEEE Computer Society Symp. Research in Security and Privacy, Oakland, Calif., pp. 345-357, 1990.
[33] J. Wray, "An Analysis of Covert Timing Channels," Proc. IEEE Symp. Security and Privacy, pp. 2-7, 1991.

Index Terms:
Hardware security architecture, hardware implementation error, microprocessor, computer security, penetration testing, covert channels.
Citation:
Olin Sibert, Phillip A. Porras, Robert Lindell, "An Analysis of the Intel 80×86 Security Architecture and Implementations," IEEE Transactions on Software Engineering, vol. 22, no. 5, pp. 283-293, May 1996, doi:10.1109/32.502221