Integrity Aware Architectures

Remote attestation provides a capability to query systems to determine whether they are running trusted software or firmware. New technologies for integrity aware architectures provide the low-level support to implement such integrity measures on a wide range of systems, including embedded processors.

Technologies like the Trusted Platform Module (TPM) enable remote attestation, but rely on a dedicated co-processor to perform the necessary integrity functions. In applications like Advanced Meter Infrastructure (AMI), electric power meters contain computers, communicate over digital networks, and are able to accept remote software updates. Such applications cannot easily provide remote attestation based on TPMs because of constraints like the cost of a co-processor, which is considered excessive for this type of embedded processor application. However, advances in the design of security kernels and processors can address these challenges effectively.

Michael LeMay, a PhD student at the University of Illinois, has demonstrated a series of strategies for providing integrity guarantees based on technologies ranging from mote-sized co-processors to compact software kernels to new hardware that supports integrity functions directly. The first work along these lines showed, for the first time, how to use security technologies to address the challenge of privacy for AMI. The idea was to use a TPM to assure the integrity of the calculations on the meter so that demand response calculations could be done there, as opposed to sending potentially sensitive data back to the meter data management agency. Utility companies that saw this work were generally accepting of the basic idea of giving them an integrity assurance for the software while keeping the data on the meter for privacy protection, but were skeptical of the use of the TPM. A second generation of work showed how similar assurances could be obtained with an inexpensive co-processor, and a third generation showed how this could be done by implementing an integrity kernel on processors with a basic memory protection unit. A fourth generation of effort, embodied in LeMay’s dissertation, showed how features like the architectural support for the integrity aware kernel could be generalized to an integrity aware architecture in which the hardware is designed to explicitly support integrity functions in a compact set of extensions.

Dr. LeMay defended his dissertation in June of 2011.