Princeton ELE 572 - Unit for Safe Hosting of Multiple Agents


An Architecture of Security Management Unit for Safe Hosting of Multiple Agents

Tanguy Gilmont(1), Jean-Didier Legat, Jean-Jacques Quisquater
Microelectronics Laboratory, Université Catholique de Louvain
Place du Levant 3, B-1348 Louvain-la-Neuve, Belgium

ABSTRACT

In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards).

This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection.

The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

Keywords: ciphered software, software protection, secure operating system, itinerant agent, crypto processor

1. INTRODUCTION

New applications in large public networks (like the Internet) need more security.
In multimedia applications, programs that we will call agents are dynamically downloaded into a system at run-time to allow the processing of new objects (example: plug-in capabilities of browsers). This extensibility feature raises questions about the integrity of the system, the licensing of the agent, the protection and privacy of the objects manipulated by the agent:

• the integrity of the system depends on the privilege given to the agent code. It is not always possible to trust programs obtained from sources such as a public network. The downloaded code may contain a virus (this does not only involve the trust of the original source, but also the reliability of the network: the code can be modified during the transport), or a Trojan horse [16]. More likely, the code may contain errors and corrupt the system data. To avoid integrity hazard, the privilege of the agent code should be restricted to the necessary domain;

• the licensing of the agent concerns the protection of the code. The license limits the number of executions or the amount of execution time, the list of nodes where the program can be executed, and the list of services given by the program. The user should not be able to remove those limitations. Sometimes, reverse-engineering of the code should also be prevented;

• the protection and privacy of the objects is a much more vague concept, as it depends on the nature of the object and the agent. In the case of applets, the author may want to keep the script secret, for example. The agent should then only provide the result of its execution, and the system should not be able to access the script source.

These security issues are also true for other applications like electronic commerce [12,25] and database servers supporting itinerant agents or aglets [29,30,31] from external clients. For example, in the case of electronic commerce, the object to protect is the electronic currency stored in the system.
From the agent’s point of view, the user should not be able to credit his account illegally, without using the agent protocol. From the user’s point of view, his account should not be lost or tampered with by other applications running on the system.

While a part of the protection can be done by software, the operating system (OS) needs sufficient hardware mechanisms to guarantee the system security. While existing processors found on workstations and database servers have adequate hardware to offer basic protection in multitasking environment, they lack mechanisms which prevent the user(2) from tampering the software or its data. That means that it is possible to ensure the system integrity, although it may be somewhat difficult to build an extensible operating system. But it is impossible to ensure licensing and object protection, since any resolved user can always go in supervisor mode and be granted access to any code and data by the processor.

(1) e-mail: [email protected]; phone: (32)(10)478062; fax: (32)(10)472598
(2) by “user”, we mean any skilled person who has physical access to the computer, and who can modify the application software, the OS and even parts of the hardware to achieve his malevolent goal.

1.1. Contribution

This paper presents the architecture of a new hardware security management unit (SMU), which is an evolution of the classical memory management unit (MMU) offering much stronger security mechanisms. Like the MMU, the SMU is added to a CPU core; the result is a secure processor that has hardware support for extensible operating systems, and can be used for both general tasks and critical applications demanding strong protection (from other programs and from the user). Programs that run securely on smart cards can be executed in the secure processor with the same level of security, and profit by more memory and more processing power.

The SMU allows the processor to run ciphered code and manipulate ciphered data.
Its internal non-volatile memory (NVM) can be used to store cipher keys and critical data (like confidential information and electronic currency) for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance policy that is more suited to operating system extensibility. The protection mechanisms are transparent to the client agent programs, i.e. they require no additional code.

The SMU only allows the owner task to access its data in the NVM. It is impossible for the user to get any information illegally, nor to modify the content of the NVM, even by altering the operating system. Since the user has no direct access to the cipher keys, he cannot modify the client agents or reverse-engineer the code of the

