i STATEMENT OF WORK For Multi-core and Cell Processors Security Investigation February 7, 2016 Rev. 2 Rev. 1 2/7/16 I. Background and Introduction In 2003, Sony, IBM and Toshiba created a design team to create a new multi-core processor. They chose to completely re-design much of the architecture previously found in consumer processors and designed the Cell Processor (www.________.com) . The Cell Processor is comprised of a Power PC main core and a variable number of support cores. As with any new architecture, the security concerns of the Cell Processor have not yet been fully explored. The key documented security features of the Cell processor include the secure processing vault, the runtime secure boot, and the hardware root of secrecy. The secure processing vault provides an environment that is completely isolated from every other thread running in the system. The information in this vault cannot be changed or seen. This allows for interesting applications Digital Rights Management; for example, a “digital movie content can be decrypted in, and played from, the vault without the danger of the content being compromised. The second security feature, the runtime secure boot, is a “technique whereby during power-on time, …, the code modules go through a cryptographic-based authentication check”. By verifying security of the initial root of the system, was can then use that root to verify the security of other entities. Finally, the hardware root of secrecy looks at the need for securing the root key of a system. This root key is the key used to begins the chain of unlocking other keys used in specific applications. In the Cell processor, this root key is embedded in the hardware and cannot be accessed through software; only a hardware decryption facility can read that key. Past research into multi-core processing security concerns have looked at things like data isolation between different cores, controlled information flows, covert timing, and digital rights management. Considering covert timing in multi-core processors is a very complex task, as there are many shared resources and the possibly for large bandwidth transfers over the channels. The Cell processor is set up with the secure processing vault, which appears to make digital rights managements much simpler, however this has yet to be fully tested. This project seeks to further this research, exploring the various areas of concern in the Cell Processor and testing some of these concerns. II. Scope of Work The scope of this project includes the research, analysis and testing of security concerns associated with the Cell Processor. The timeline for this project begins September 15, 2008, 2 Rev. 1 2/7/16 and ends April 15, 2008. These tasks shall be performed by the Hot Threads Senior Design Team, in conjunction with the University of Idaho Center for Secure and Dependable Systems, and is hereinafter referred to as the Team. Dr. Alves-Foss shall hereinafter be referred to as the Sponsor. III. Objectives A. Examine literature and list possible concerns The cell processor and its specific applications are largely unknown, and the security flaws are not yet identified. The initial phase of this project must be focused on understanding the architecture so as to be able to identify possible concerns. After reviewing the literature, the Team shall compile a list of possible concerns to be reviewed by the Sponsor. Completion Date: October 15, 2008 B. Identify those concerns that are of special note The list compiled in section A will almost certainly be an extensive one. However, as the time line and resources for this project are limited, the Team will compile a shorter list of concerns of special note. Said list should be made up of those elements that pose the greatest threat while still allowing for feasibility in our testing. This compressed list will be delivered to the Sponsor no later than the completion date. Completion Date: November 15, 2008 C. Design tests for the concerns of special note After reviewing the concerns of note in found in section B with the Sponsor, the Team will design and create tests for those concerns. The test shall be included in a testbed environment that will be delivered to the Sponsor at the conclusion of this project. Completion Date: December 15, 2008 D. Conduct tests on the specified concerns The tests created in section C shall be run extensively, with as many different scenarios as time allows. Completion Date: March 15, 2008 E. Create appropriate documentation on the results from tests Appropriate documentation on all concerns and tests shall be compiled for presentation at Engineering Expo and possible publication in a journal. Completion Date: April 15, 2008 3