Building a high-performance, programmable secure coprocessor

Secure coprocessors enable secure distributed applications by providing saf e havens where an application program can execute (and accumulate state), f ree of observation and interference by an adversary with direct physical ac cess to the device. However, for these coprocessors to be effective, partic ipants in such applications must be able to verify that they are interactin g with an authentic program on an authentic, untampered device. Furthermore , secure coprocessors that support general-purpose computation and will be manufactured and distributed as commercial products must provide these core sanctuary and authentication properties while also meeting many additional challenges, including: . the applications, operating system, and underlying security management ma y all come from different, mutually suspicious authorities; . configuration and maintenance must occur in a hostile environment, while minimizing disruption of operations; . the device must be able to recover from the vulnerabilities that inevitab ly emerge in complex software; . physical security dictates that the device itself can never be opened and examined; and . ever-evolving cryptographic requirements dictate that hardware accelerato rs be supported by reloadable on-card software. This paper summarizes the hardware, software, and cryptographic architectur e we developed to address these problems. Furthermore, with our colleagues, we have implemented this solution, into a commercially available product. (C) 1999 Elsevier Science B.V. All rights reserved.