Publication
CCS 2009
Conference paper
Effective implementation of the Cell Broadband Engine™ isolation loader
Abstract
This paper presents the design and implementation of the Cell Broadband Engine™ (Cell/B.E.) isolation loader, which is part of the IBM Software Development Kit for Multicore Acceleration [14]. Our isolation loader is a key component in realizing secure application boot and encrypted application execution. During the application load process, the isolation loader fetches, validates, and decrypts a Synergistic Processor Element (SPE) executable, establishing a chain of trust from the hardware to the application. Since not all applications are SPE executables, we also introduce a general solution: a verification service framework in which all applications, including system functions, can be verified by the isolation loader immediately before execution. We have applied several novel implementation techniques to the isolation loader. We describe the countermeasure implemented in our isolation loader against the substituted-ciphertext attack and introduce our staging technique for allocating contiguous working areas for applications. The load overhead of this loader, including application fetch, validation (RSA-2048/SHA-1), and decryption (RSA-2048 and AES), is less than 50 milliseconds on the 2.8 GHz IBM PowerXCell 8i processor. This overhead is reasonable compared with the 500-millisecond 2048-bit RSA signing needed by the Trusted Platform Module chips [3]. Copyright 2009 ACM.