researResearch - Télécom Bretagne
researResearch - Télécom Bretagne
researResearch - Télécom Bretagne
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
esearc<br />
<strong>researResearch</strong><br />
The work in this field is the same as that which<br />
led to the creation of the start-up, HPC Project,<br />
which currently employs 15 people and has<br />
Ronan Keryell as its Scientific Director.<br />
Architectures for Secure Execution<br />
In addition to the performance needs, we are<br />
witnessing an increase in the demand for greater<br />
security and safety. Unfortunately, the choices<br />
made in the material architectures have up to<br />
now favoured brute performance at the expense<br />
of security. If we wish to have very secure<br />
applications, smart cards can be used, but their<br />
performance levels are modest compared to<br />
classical processors which themselves are not<br />
particularly secure.<br />
Over the last decade, the team has taken an<br />
interest in the design of new processors which<br />
could include an additional secure operational<br />
mode capable of executing procedures<br />
independently of the operating system itself, and<br />
capable of resisting external physical attacks(to<br />
memory, bus, etc.). This is done by adding<br />
internal partitioning mechanisms and an<br />
efficient encryption and certification system<br />
between the cache of the processor and the<br />
external bus.<br />
This CryptoPage processor culminated with<br />
Guillaume Duc's thesis defence (Financed by the<br />
DGA). In his landmark work, he defined the<br />
processor architecture, completed hundreds of<br />
thousands of simulation hours, the portage for<br />
Linux and the compilation chain for such an<br />
architecture.<br />
This year has seen the end of the<br />
BGPR/SAFESCALE (2005-2008) project which<br />
involved INRIA Grenoble/LIG, Paris 13/LIPN, and<br />
IRISA and which aimed at designing a grid type<br />
execution architecture with a certified execution.<br />
The principle was to divide up the calculations<br />
into tasks, using KAAPI formalism and to replay<br />
certain tasks in a safe environment in order to<br />
compare the results and to detect any possible<br />
attacks or errors in a probabilistic manner. The<br />
team improved CryptoPage by adding a taskauthentication<br />
mode in order to be able to certify<br />
that a program compiled by a third party and run<br />
on another CryptoPage was indeed correct.<br />
Finally, given that programming in KAAPI is<br />
complex and quite far-removed from classical<br />
sequential programming, and given the<br />
competence of the team as regards parallelism<br />
and compilation, the other task this year has<br />
been to develop a compilation phase which would<br />
enable the generation of KAAPI/SAFESCALE<br />
code automatically, from any sequential source<br />
code. As of today, we have not yet achieved this<br />
goal.<br />
Work in this field is benefiting considerably from<br />
the collaboration within the TCP project with<br />
Telecom ParisTech, Telecom Sophia Antipolis and<br />
the start-up, Secure IC.<br />
Publications<br />
Articles in peer-review journals<br />
[1] Guillaume Duc, Ronan Keryell. Improving virus protection with<br />
an efficient secure architecture with memory encryption, integrity<br />
and information leakage protection. Journal in computer virology,<br />
may 2008, vol. 4, n° 2, pp. 101-113<br />
[2] Guillaume Duc, Ronan Keryell. CryptoPage : une architecture<br />
efficace combinant chiffrement, integrite memoire et protection<br />
contre les fuites d'informations. Technique et science<br />
informatiques, août 2008, vol. 27, n° 6, pp. 779-814<br />
92