Given the number of data breaches and amount of information stolen from computer networks, it’s clear that conventional computer architectures do not adequately support cybersecurity. According to a study sponsored by IBM, businesses have a one-in-four chance of having their data security breached, costing an average of $3.6 million.
In light of these concerning statistics, Army scientists and engineers have developed a microprocessor computer system for secure, high-assurance, safety-critical computing.
The architecture leverages an array of cache controllers and cache bank modules, with the latter comprising cache bank hardware permission bits and memory cell hardware permission bits for managing access to system resources. The design also includes a computer security framework subsystem of a hierarchy of access layers in which the top layers are completely trusted, and the lower layers are moderately trusted to completely untrusted.
The top layers comprise a trusted operating system layer that manages and controls system resources, the cache bank hardware permission bits and the memory cell hardware permission bits. The cache bank hardware permission bits and the memory cell hardware permission bits define limits for a hardware execution security mechanism for less trusted to completely untrusted software. Exceeding the bounds of the security mechanism results in a hardware exception, and blocking all attempts to access or modify resources outside the security mechanism.
This technology described in US application number 20170300719 is related to US patent 9,122,610. The ‘719 application illustrates how the hardware, operating system, and application software all work together to create a more secure computer system. It extends and improves the hardware permission bits to make their use more efficient. The cache bank to execution pipeline interface was also improved in this application.
- Hardware and computer security framework subsystems comprise an operating system friendly microprocessor computer architecture system, which completely separates control and data at the hardware level
- The system includes program instruction, data memory, register memory, and pipeline state memory modules all which are isolated from one another and perform memory read/write functions independently
- A cache bank lookup table reduces the number of memory bits required to hold the memory cell hardware permission bits
- System provides for real-time, zero overhead software debugging
- US application number 20170300719 available for license
- Potential for collaboration with Army researchers