SP Summary (with Authority Mode) by Levin, Timothy E.
Calhoun: The NPS Institutional Archive
Reports and Technical Reports All Technical Reports Collection
2007-09-18
SP Summary (with Authority Mode)
Levin, Timothy E.




















                                      Approved for public release; distribution is unlimited. 
 
Prepared for NSF and DARPA 










Timothy E. Levin 
 
 

























This page left intentionally blank 
 
 
NAVAL POSTGRADUATE SCHOOL 
Monterey, California 93943-5000 
 
 
Daniel T. Oliver                     Leonard A. Ferrari 
President                                                                                             Executive Vice President and 
         Provost 
 
 
This report was prepared for and funded by National Science Foundation and the Defense 




Reproduction of all or part of this report is authorized. 
 
 





________________________                                                
Timothy E. Levin  








________________________                                                ______________________________ 
Peter J. Denning       Dan C. Boger 
Department of Computer Science    Interim Vice President and 




























REPORT DOCUMENTATION PAGE 
 
Form approved  
 
OMB No 0704-0188 
Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching 
existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.  Send comments regarding this 
burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, 
Directorate for information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA  22202-4302, and to the Office of Management 
and Budget, Paperwork Reduction Project (0704-0188), Washington, DC 20503. 
1.  AGENCY USE ONLY (Leave blank) 
 
2.  REPORT DATE 
      21 November 2007 
3.  REPORT TYPE AND DATES COVERED 
      Research;  10/1/06 – 10/1/07         
4. TITLE AND SUBTITLE 
    






    
   
6.  AUTHOR(S) 
       
Timothy E. Levin 
 
 
  Grant number: CNS-0430566  
                      and CNS-0430598 
  
7.  PERFORMING  ORGANIZATION NAME(S) AND ADDRESS(ES) 
Naval Postgraduate School  
Center for Information Systems Security Studies and Research (NPS CISR) 
1411 Cunningham Rd., Monterey, CA  93943 
8.  PERFORMING  ORGANIZATION 
     REPORT NUMBER 
          
                 NPS-CS-08-007 
9.  SPONSORING/MONITORING AGENCY NAME(S) AND 
ADDRESS(ES) 
 National Science Foundation, 4201 Wilson Blvd. 1175 N.  ArlingtonVA22230 
DARPA, 3701 Fairfax Drive, Arlington, VA 22203 
10.  SPONSORING/MONITORING 
       AGENCY REPORT NUMBER 
                Not applicable 
11.  SUPPLEMENTARY NOTES 
 
The views expressed in this report are those of the authors and do not reflect the official policy or position of the 






12a.  DISTRIBUTION/AVAILABILITY STATEMENT 
 
 Approved for public release; distribution is unlimited. 
 
12b.  DISTRIBUTION CODE 
 
                        
                          
 
 
13.  ABSTRACT (Maximum 200 words.) 
 






14.  SUBJECT TERMS 
 




15.  NUMBER OF  
PAGES      
              
               17 
 16.  PRICE CODE 
 
17. SECURITY CLASSIFICATION 
       OF REPORT 
       Unclassified 
18. SECURITY CLASSIFICATION 
       OF THIS PAGE 
       Unclassified 
19.  SECURITY CLASSIFICATION 
        OF ABSTRACT 
         Unclassified 
20.  LIMITATION OF 
      ABSTRACT  
      UU                                  
NSN 7540-01-280-5800                         Standard Form 298 (Rev. 2-89) 



































      
| Technical Report:  NPS-CS-08-007 






SP Summary (with Authority Mode)   
































This material is based upon work supported by the National Science Foundation 
under Grant No. CNS-0430566 and CNS-0430598 with support from DARPA 
ATO. Any opinions, findings, and conclusions or recommendations expressed in 
this material are those of the authors and do not necessarily reflect the views of 








Naval Postgraduate School:  
Timothy E. Levin  
Center for Information Systems Security Studies and Research 
Computer Science Department 
Naval Postgraduate School 
























This report provides summary of the interface and semantics for the processor extensions 
defined by the SP Processor [1][2] (where SP is the name of the design, which informally 
stands for “secret protected”).
S e p t e m b e r  1 8 ,  2 0 0 7   | w o r k i n g  n o t e  
  | 2 4  M a r c h  2 0 0 5  
SP Summary (with Authority Mode) 
Timothy E. Levin 
 
A. SP modes, modules and processing verification 
 A processor mode is entered via a corresponding SP “begin” instruction 
 SP is in a mode IFF SP is executing the corresponding type of module 
 Module instructions checked via inline hashes and corresponding key: 
Instruction Module Hash Key 
BEGIN_A-CEM A-TSM DRK 
BEGIN_U-CEM U-TSM DMK 
BEGIN_CIC I-TSM DRK  
 On return from an interrupt, InterruptHash of previous registers (uses DRK/DMK), 
and InterruptAddr (previous instruction) are checked; both values can be saved 
and restored by ring -2 to multiplex modes. Separate hash and addr values may be 
provided for each mode (A-TSM is not yet decided). 
B. SP-resident master secrets – arbitrary values, 2-words1 each 
 UserMasterKey –  UMK – read by UTSM; written only by lowest ring. Volatile 
storage 
 DeviceRootKey – DRK – stored by “secure bios,” and locked until the next power 
cycle.2  Non-volatile storage. 
 StorageRootHash– SRH – read and written by ATSM. Non-volatile storage. 
 DeviceMasterKey – DMK – stored by “secure bios,” and locked until the next power 
cycle.2  Non-volatile storage. 
C. SP transformation functions 
 Derive() –  2-word to 2-word crypto-hash function available to ATSM 
i. Based on DRK 
 CEM Load/Store() – Available to ATSM/UTSM 
i. Encrypt & hash one word on exit from processor cache– decrypt and check hash 
on load 
ii. Based on DRK/DMK 
 
                                                
1 Word size depends on the architecture: e.g., 32 or 64 bits, and whether multiple load instructions are to be 
used. 




Figure 1. Authority Mode Features 





Note that Table 3 uses obsolete names “Local Storage Hash” (SRH) and “DAK, which 
have been changed to “Storage Root Hash” (SRH), and DRK, respectively. 
Table 3. Authority Mode Instructions and Parameters 
Table 2. SP Instructions and Parameters 
 | SP Summary 
  
3 
Table 4. SP Internal Transformations (User and Authority Mode) 
Instruction Prerequisite  
State  








Active_CEM  - Encrypt registers in place 
- Store hash4 of concatenated, 
encrypted registers to 
CEM.IntHash 
- Store PC to CEM.RetAddr 









PC and GP 
registers 
Preserves 









CEM   
- Previous PC 
and GP registers 
loaded by 
software 
- If PC matches 
CEM.RetAddr6 then ( 
-- if  hash of GP registers 
matches CEM.IntHash then ( 
--- Decrypt registers in place;  
--- process PC)) 
Active_ CEM None Restores CEM 




                                                
3 HW interrupt or software exception 
4 IV for the register encryption will likely be stored with the hash. 
5 Any HW Jump or return from interrupt 
6 SP designers intend to introduce a feature to prevent accidental return to the PC address from a different 
address space, which could be handled in a few different ways, depending on OS support.  If hash check 
fails, SP will raise an exception. 
Figure 1. SP State Diagram (User Mode; Auth Mode not yet clear) 
 
 





[1] R. B. Lee, P. C. S. Kwan, J. P. McGregor, J. Dwoskin, and Z. Wang, 
“Architecture for protecting critical secrets in microprocessors,” in ISCA ’05: 
Proceedings of the 32nd annual international symposium on Computer Architecture, 
(Washington, DC, USA), pp. 2–13, IEEE Computer Society, 2005. 
[2] J. Dwoskin and R. B. Lee, "Hardware-rooted Trust for Secure Key Management 




 INITIAL DISTRIBUTION LIST 
 
 
1. Defense Technical Information Center     1  
Ft. Belvoir, VA  
 
2. Dudley Knox Library       1    
Naval Postgraduate School 
Monterey, CA   
 
3. Lee Badger        1 
DARPA 
Arlington, VA  22203 
 
4. Terry V. Benzel         1 
Information Sciences Institute 
University of Southern California 
Marina del Rey, CA 90292 
 
5. Ganesha Bhaskara       1 
Information Sciences Institute 
University of Southern California 
Marina del Rey, CA  90292  
 
6. Paul C. Clark        2 
Naval Postgraduate School 
Monterey, CA   
 
7. Cynthia E. Irvine        2 
Naval Postgraduate School 
Monterey, CA   
 
8. Timothy E. Levin        2 
Naval Postgraduate School 
Monterey, CA   
 
9. Karl Levitt        1 
National Science Foundation   
4201 Wilson Blvd.  
Arlington, VA  22230 
 
10. Thuy D. Nguyen        2 
Naval Postgraduate School 























This page left intentionally blank 
 
 
