The Community for Technology Leaders
Green Image
<p>The authors sought to build a secure coprocessor—defined as a tamper-responding device derived from the Abyss, Citadel, and 4755 work—that would provide a single multipurpose platform third parties could use to develop and deploy secure coprocessor applications, with minimal IBM participation. The project had several goals: ensure that the device could be identified externally, design the device and its soft-ware to be securely configurable and updatable in the field, construct the software architecture to accommodate layers of code from different parties, avoid letting the compromise of one device breach any other's security, and validate all these assertions through an external party.</p><p>Providing an environment in which applications could run securely forced the designers to focus not only on security mechanisms and their implementation and management, but also on the security policies they must support. Clearly, the hardware on which applications run must be secure, as must the operating system and run-time environment in between, while offering a reasonable API for applications developers. To fix problems in the field and enable fast and inexpensive reaction to changing customer needs, the designers implemented part of the code as firmware rather than as read-only memory.</p><p>The 4758 project achieved most of its design goals. Currently, the authors are exploring other embedded processors, the addition of a network communication channel, and other form factors, including those appropriate for laptops.</p>
Ronald Perez, Joan G. Dyer, Reiner Sailer, Leendert van Doorn, Sean W. Smith, Mark Lindemann, Steve Weingart, "Building the IBM 4758 Secure Coprocessor", Computer, vol. 34, no. , pp. 57-66, October 2001, doi:10.1109/2.955100
89 ms
(Ver 3.3 (11022016))