Hardware Interlocks for Securing Software Executables

The Secure Software Platform (SSP) is a hardware-facilitated secure computing environment for networked embedded systems. It is an architectural augmentation for standard microprocessors that enables secure program distribution and execution on modern multiprocessing operating systems such as Linux. The architecture consists of two major functional units: the encryption management unit (EMU) and the secure key management unit (SKU). The EMU is responsible for just-in-time memory-page-level decryption of secure executables running on the SSP. The SKU builds the decryption keys for the EMU using credential securely provided by an authorized user according to a key management scheme. This structure permits a security framework that explicitly trusts only hardware and augments existing process isolation mechanisms (such as memory management) controlled by the operating system.