PS3 Cell Processor Security Architecture
hoyhoy writes "IBM Developerworks is discussing the PS3 Cell Processor Security Architecture today on Developerworks. It details the hardware level security for isolating processes that exists in the Cell processor's architecture." From the article: "The architecture's main strength is its ability to allow an application to protect itself using the hardware security features instead of the conventional method of solely relying on the operating system or other supervisory software for protection. Therefore, if the operating system is compromised by an attack, the hardware security features can still protect the application and its valuable data. As an analogy, consider the protection the supervisory software provides as the castle's moat and the Cell BE security hardware features as the locked safe inside the castle."
I'm not really a fan of this sort of design - it seems to duplicate the purpose of the existing kernel/userspace security architecture, but I can appreciate the pickle we're in with de-facto standard kernels that allow anything to be loaded into them. Windows Vista 64 bit requires all kernel drivers to be signed: correctly so, in my opinion, but this doesn't help the huge 32 bit userbase today.
Imagine the Princess inside that Castle.
... or another castle.
Ok, so, I get it. The PS3 will have a processor that has an instruction set dedicated to protecting the threads of a program from infiltration by something that has already compromised the operating system. The obvious advantage is the protection of the data stored in those threads at a time of either pre- or post-processing.
That sounds like a great technology. Truly. If used for the right purposes.
WHY are you implementing it on a GAME CONSOLE? (I'm also a little scared of the wording '...allow an application to protect itself... - we're writing sentience into these things, now, too? Might cause some ethical issues with first-person shooters..)
I'd love that sort of protection on a kiosk machine, something we'd send to a trade show, or even the laptops employed by our sales force. But the PS3? Nothing mission-critical is going to happen on the PS3. Nothing. Wait, wait.. I think I figured it out...
Digital Rights Management. Gotcha, gotcha. Thanks, Sony. It's nice to know that the PS3 will have an anti-modchip on it from the get-go.
For instance, consider this:
Personally I wouldn't trust my CC number to an unknown Windows machine these days. SSL/TLS wire security just isn't secure anymore when it's so easy to intercept the data before it's ever encrypted.
Consider - hardware process protection would theoretically allow for Linux-compatible DRM. Right now Windows Media DRM uses the "secure audio path" to try and prevent people using malicious audio drivers to trivially dump the decrypted audio out of the player. Linux has no equivalent, and fundamentally cannot; however, these kinds of hardware features could allow it to get such a thing without breaking the GPL (because the operating system can be GPLed and therefore "untrusted", but the player would not have to trust it to work...)
Anyway, like most technologies, it cuts both ways. It has uses you'll disagree with and others you will want. Just deal with it.
There's a third possibility you ignore: that DRM reduces software sales. I'm not aware of any credible research on the topic, but I know that there are albums I plan to buy from the iTunes Music Store, but only if JHymn is fixed to allow me to strip the DRM. Similarly, I've skipped buying CDs as soon as I saw the "rootkit inside" warning on the packaging.
As for the PS3, if it's secure enough to prevent cheat systems like Action Replay Max, that's going to have an impact on sales. Other than that and DRMed media playback, I can't really see any point in a complicated security system for a console--it's not like PS2 viruses or rootkits are a problem.
a) If your machine is rooted, it's trivial to tap the keyboard. Process "iexplore.exe" getting a number that looks like a CC#?
b) If you are running Windows, you still won't know. The chain of trust runs downwards, your apps trust Windows which again trusts the TCPA. Whatever Windows does, you'll never know. And if you don't run Windows, then it's pretty hard to hide something in plain sight code.
c) I'd wager more on the ubiquitousness of piracy to change things. Have you read the stats on the young generation? Have you looked at the connections future generations will be on?
d) "Consider - hardware process protection would theoretically allow for Linux-compatible DRM. Right now Windows Media DRM uses the "secure audio path" to try and prevent people using malicious audio drivers to trivially dump the decrypted audio out of the player. Linux has no equivalent, fundamentally cannot, however these kind of hardware features could allow it to get such a thing without breaking the GPL (because the operating system can be GPLd and therefore "untrusted" but the player would not have to trust it to work...)"
So, how do you intend to access the output device? Magic kernel pixies, perhaps? All implementations I've seen would require the kernel to be signed - which means it can't be changed and replaced. Basically it renders the GPL meaningless because all your protected media would cease to function.
It's true I ignored this possibility. The only hard statistics I've seen on this have been done by (drumroll) copy protection vendors, nonetheless, they are at least somewhat pseudo-scientific which is more than the purely anecdotal evidence I've seen to support the opposing view. Essentially copy protection vendors claim that the sales you lose through piracy drop off as time goes by, so for instance if a crack is developed a year after the game comes out nobody really cares (partly because sales are much lower then anyway), but if one comes out a week after it's launched that'll have a big impact. The idea is some people wait for a crack and if one doesn't appear they will "crack" themselves and go buy it.
Trustworthy source? Of course not. But it makes intuitive sense and these appear to be the only repeatable studies done so far.
Alternatively you can also trust the market. Copy protection costs money to implement, presumably after 20 years of widespread software distribution if it was really a dead cost somebody would have realised by now and trailblazed their way across the market with their no-copy-protection policy. I don't see many vendors doing that.
I'm the same! I don't buy things from iTMS because I use Linux and my phone rather than an iPod for portable music.
So I do things the old way and buy CDs instead. Believe me, I don't like today's DRM either, but given a choice between FairPlay/Windows Media being the de-facto standards or having some kind of openly published system that doesn't rely on obscurity (which is what this sort of technology might provide), then I'll go for the latter any day.
You're implying anti-cheat technology reduces sales? I'd be surprised if that was true, most people I know hate game cheats.
As to your final point - PS2 didn't have network access. PS3 does.
I'd be interested to see an actual implementation of that. But anyway, this is why LaGrande/Cell Security include "measured boot", so the program can check that the system hasn't been rooted.
That's not how it works. Your app trusts some piece of hardware (for instance, the TPM, or some Cell specific thing) and asks it for a "measurement" which proves cryptographically that a "trusted" operating system is running. Once the app has checked that it trusts the operating system it sends the data downwards.
That'll provide the incentive to change, it won't provide the solution. The only solution that is being credibly pushed right now is ubiquitous DRM. Other schemes like tip jars and so on have not really taken off.
I'd really like to see a credible economic solution - a programmer would call copyright a "hack" because it kludges supply and demand on top of stuff that fundamentally doesn't obey those rules, simply because that's all capitalism can deal with. But I'm not an economist and if there is any research being done in this field, I'm not aware of it.
If you read the article then you can see the way it's intended to be used ... the SPEs decrypt data then either re-encrypt it (eg for multiplayer network packets) or use DMA to move it directly to the output device. The operating system is not involved. I don't know how LaGrande works but it's likely to be either by having "trusted" operating systems that effectively promise not to reroute the audio elsewhere, or by having some similar kind of DMA scheme and sound/video cards that can decrypt video data directly.
1) The Cell supports a Secure Processing Vault. This is basically hardware-based memory protection; since the OS is software, and software can be compromised, so can the OS. The hardware can't be compromised so easily, so you load up a SPE with some code and data, and then it engages its own memory protection, preventing anyone from reading/writing its memory until it's done, by which time it deletes the important information. So you can't peek at the decrypted results, because they're encrypted when they're loaded, and the decrypted results are deleted when it's done doing its work (which work gets re-encrypted before it leaves the SPE). There's a small communication channel left open, and it's the SPE's duty to protect it.
2) It also has a Runtime Secure Boot. This involves using a cryptographically signed BIOS. This verifies that the BIOS is trusted. From here, any time control is handed over to another program, it first must be cryptographically verified. This prevents unauthorized or compromised code from executing.
3) Once you've securely booted and your SPE is in isolation mode, protected from the eyes of other threads, you have access to The Root Key. The Root Key is stored in hardware, can't be accessed by software, and is used to decrypt other keys. These other keys are then used to do encryption in an individual SPE.
So, we make a key, stick it in some flip flops that you can't read, isolate an SPE to provide memory protection, and then authenticate each and every piece of code from the BIOS through to the currently executing thread. Everything going in is encrypted, isolated when the work is being done, and gets re-encrypted before leaving to the next module, all using encrypted keys. Pretty thick stuff.
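The comment above describes three pieces that fit together: a root key that software can never read, a boot chain in which each stage is cryptographically verified before control is handed to it, and (as an earlier comment put it) a "measurement" an application can check before it trusts the running system with its data. The following Python is an added toy model of that flow, written for this page; it is not code from the IBM article, from Sony, or from any commenter. It assumes a symmetric HMAC tag as a stand-in for the real hardware's signature check, a module-level secret as a stand-in for the hardware root key, and constructed byte strings as the stage images; real Cell BE hardware uses asymmetric signatures and physically isolated SPEs.

```python
"""Toy model of a runtime secure boot chain rooted in a hardware key.

Added illustration only (not the article's or any commenter's code). An HMAC
over a secret root key stands in for the hardware signature check, and a
PCR-style running hash stands in for the "measurement" an application asks
the trusted hardware for before releasing its data.
"""
import hashlib
import hmac
import secrets

# Hypothetical root key: the comment above describes it as living in flip-flops
# that software cannot read. Here it is a module-level secret that only the
# key-derivation function below ever touches; it is never returned directly.
_ROOT_KEY = secrets.token_bytes(32)


def derive_key(purpose: bytes) -> bytes:
    """Derive a per-purpose key from the root key (HMAC used as a simple KDF).

    This models "the Root Key ... is used to decrypt other keys": consumers
    only ever see derived keys, so the root key never leaves the 'hardware'.
    """
    return hmac.new(_ROOT_KEY, b"derive:" + purpose, hashlib.sha256).digest()


def sign_stage(image: bytes) -> bytes:
    """Tag a boot-stage image the way a trusted signer would (stand-in for a
    real asymmetric signature; here the verifier and signer share a key)."""
    return hmac.new(derive_key(b"boot-signing"), image, hashlib.sha256).digest()


def extend(measurement: bytes, image: bytes) -> bytes:
    """PCR-style extend: the running measurement commits to every stage so far,
    in order, so two chains that differ anywhere yield different values."""
    return hashlib.sha256(measurement + hashlib.sha256(image).digest()).digest()


def verify_boot_chain(stages):
    """Walk the chain in order. Each stage's tag must verify before control is
    'handed over'; on the first failure return None so nothing later runs.

    stages: list of (name, image_bytes, tag_bytes). Returns the final
    measurement (32 bytes) for a fully verified chain.
    """
    key = derive_key(b"boot-signing")
    measurement = bytes(32)
    for _name, image, tag in stages:
        expected = hmac.new(key, image, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        measurement = extend(measurement, image)
    return measurement


def release_app_key(measurement, known_good):
    """The application's side of the earlier comment's 'measured boot' check:
    only hand out the data key if the system measures as a configuration the
    application already trusts. A chain that is signed but unfamiliar (an old
    or different OS build) still gets nothing."""
    if measurement is None or measurement not in known_good:
        return None
    return derive_key(b"app-data")


def demo():
    """Run the model over constructed stage images and report each outcome."""
    bios = b"BIOS image (constructed sample)"
    hv = b"hypervisor image (constructed sample)"
    os_img = b"OS image (constructed sample)"
    good = [("bios", bios, sign_stage(bios)),
            ("hv", hv, sign_stage(hv)),
            ("os", os_img, sign_stage(os_img))]
    known_good = {verify_boot_chain(good)}

    # A modified OS image presented with the original (now mismatching) tag.
    tampered = good[:2] + [("os", os_img + b" + rootkit", good[2][2])]
    # A different OS build that carries a valid tag but is not on the
    # application's list of trusted measurements.
    other_os = b"older OS image (constructed sample)"
    signed_other = good[:2] + [("os", other_os, sign_stage(other_os))]

    return {
        "good_verified": verify_boot_chain(good) is not None,
        "good_key_released": release_app_key(verify_boot_chain(good), known_good) is not None,
        "tampered_verified": verify_boot_chain(tampered) is not None,
        "other_os_verified": verify_boot_chain(signed_other) is not None,
        "other_os_key_released": release_app_key(verify_boot_chain(signed_other), known_good) is not None,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The two failure cases are deliberately different: the tampered chain is stopped by the boot verifier itself, while the legitimately signed but unfamiliar OS boots fine and is refused only by the application's own measurement check. That split is the distinction the thread is circling around: secure boot decides what may run, measured boot lets an application decide what it is willing to trust.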
Care to elaborate? Your comment is anonymous and fairly generic.
Most people I know like single-player game cheats, and cheats for multi-player-single-console (non-networked) party type games, because both usually allow more freedom in enjoying the game (eliminate tedious "unlocking", give new options, etc.)
Add in that it sounds an awful lot like bad marketing, and you've got yourself an obnoxious hat-trick.
Heya Quinn ;) Yeah, I don't mind single player cheats, I was thinking of multiplayer online cheats ... if everybody involved is happy with the new rules then why not ?
Now, where have we all heard that before? VMS suffered from some pretty cruddy hardware (hey, that was then) but at least buffer overflows were not exploitable.
Nothing new under the sun, move along, nothing to see here.
If you are any type of game/graphics/engineering/media engineer you want one of these Cell systems NOW.
Yeah, single precision floating point is just what you need in engineering you astroturfing little fuckstain.