Secure Processing Flashcards
What is secure processing?
A mechanism for ensuring confidentiality, integrity, and the availability of software code and data as it is executed in volatile memory.
In HUMAN language, it means the way to protect the processed information that’s being executed in your volatile memory.
Processor Security Extensions
Low-level CPU changes that enable secure processing. Built into the processor.
AMD = Secure Memory Encryption (SME), Secure Encrypted Virtualization (SEV)
Intel = Trusted Execution Technology (TXT), Software Guard Extensions (SGX)
Note: This is all you need to know about them for the exam.
Trusted Execution
The CPU’s security extensions invoke the TPM to ensure that a trusted operating system is running.
Secure Enclave
An extension that allows a trusted process to create an encrypted container for sensitive data.
This helps prevent buffer overflow attacks, and encryption keys and other sensitive data can be stored inside the secure enclave.
Note: Once we have a trusted operating system, we can create a secure enclave to store the sensitive data.
Atomic Execution
Certain operations that should only be performed once or not at all, such as initializing a memory location.
There are extensions in place to ensure that these atomic executions cannot be reused or hijacked.
Bus Encryption
Note: Data Bus
Data is encrypted by an application prior to being placed on the data bus.
In order for this to work, we have to ensure the device at the receiving end is also trusted to decrypt the data.
Note: A data bus is a system within a computer or device, consisting of a connector or set of wires, that provides transportation for data. Different kinds of data buses have evolved along with personal computers and other pieces of hardware.