SecurCore: Modern Hardware Security Approach

The increasing number of interconnected devices grows day by day and has slowly begun expansion into other consumer products. The need for safe, efficient, and reliable systems that meet modern user expectations has become increasingly important as a result. SoC engineers addressing these challenges must consider design tradeoffs such as available silicon area or clock speed for security purposes while still trying to maintain the desired specification. Security breaches in legacy systems were typically handled by application-layer software. However, the proven susceptibility of these systems has generated a push to design hardware with security in mind. SecurCore is a chip series manufactured by ARM that looks to meet these standards. Designed from the bottom-up with security in mind, it looks redefine how a modern, safe system should be designed.

SecurCore is designed using two main concepts: the principle of least privilege and a partitioning of the system into protected compartments. First, hardware and software resources are split up into two different worlds called the “Secure world” and “Normal world.” The Secure world is a trusted execution environment that only handles sensitive data and has access to the entire system plus a subset of private resources that only it can access. The Normal world is where casual user activity takes place. A common OS such as Windows lives here and functions as it would on any other end device. The OS kernel still manages system calls and has access to non-secure portions of the system. These two worlds are separated using hardware logic in the bus fabric by inclusion of a non-secure (NS) bit.

The NS bit is what the processor uses to differentiate between secure and non-secure activity, creating a mechanism that prevents the activity in the Normal world from affecting the Secure world. This mechanism also limits the direct memory access of peripheral devices that may attempt to access secure private data. It also simplifies cache memory management, as cache flushes between context switches are no longer necessary.

A security issue with multicore processors is that of shared resources. To mitigate this, SecurCore only utilizes a single core to process all data and provides two virtual cores: one for managing Normal world activity, the other for handling Secure transactions. Processor time is split between the two virtual cores in a time-sliced fashion managed by a hypervisor monitor, which creates the two worlds as virtual machines and provides a mechanism for safe context switching between the worlds through monitoring of the NS bit. The monitor also provides a single point of entry, eliminating the need for extraneous security processor cores from design.

The reach of SecurCore is to create an environment where casual and business activity can take place separately on a single device while providing robust security. This would be helpful in areas like the music business where producers could listen to new material while on the move instead of having to travel to a studio, or stockbrokers making trades while on a business trip. If the Normal world were to become compromised on the device, it still would not be able to access sensitive resources available in the Secure world. This fact makes it a good candidate for future implementation in consumer goods such as refrigerators, thermostats, etc.

Overall, SoC designers are provided greater flexibility when designing with a chip with built-in security such as SecurCore. Eliminating the need for independent security component allows for greater optimization of silicon area on the chip. The ARM chip uses larger transistors to lower dynamic power consumption by reducing supply voltage. They are also used to reduce subthreshold and gate leakage, therefore increasing reliability. However, larger transistors have a longer critical path, which decreases clock speed and performance. But this is a small tradeoff for now. The issue of leakage at small feature size may limit the progress of faster security devices in the future for reliability issues, but SecurCore is a step in the right direction with a bottom-up approach to secure system design.

Source: https://www.legacy.semiwiki.com/forum/content/3953-securecore-secure-mpu-iot.html

By Jason Ball and Terence Roby

The University of Mississippi Electrical Engineering Department introduced a Digital CMOS/VLSI Design course this semester. As part of this course, students researched a contemporary issue and wrote a blog article about their findings for presentation on SemiWiki. Your feedback is greatly appreciated.