Forgot your password?
typodupeerror

PS3 Cell Processor Security Architecture 54

Posted by Zonk
from the what's-this-little-shiny-thing-do dept.
hoyhoy writes "IBM Developerworks is discussing the PS3 Cell Processor Security Architecture today on Developerworks. It details the hardware level security for isolating processes that exists in the Cell processor's architecture." From the article: "The architecture's main strength is its ability to allow an application to protect itself using the hardware security features instead of the conventional method of solely relying on the operating system or other supervisory software for protection. Therefore, if the operating system is compromised by an attack, the hardware security features can still protect the application and its valuable data. As an analogy, consider the protection the supervisory software provides as the castle's moat and the Cell BE security hardware features as the locked safe inside the castle."
This discussion has been archived. No new comments can be posted.

PS3 Cell Processor Security Architecture

Comments Filter:
  • Intel equivalent (Score:5, Interesting)

    by IamTheRealMike (537420) <mike@plan99.net> on Tuesday April 25, 2006 @02:17PM (#15198666) Homepage
    For comparison, the Intel equivalent to this technique (allowing processes to shield themselves even from the kernel) is called LaGrande Technology [intel.com].

    I'm not really a fan of this sort of design - it seems to duplicate the purpose of the existing kernel/userspace security architecture, but I can appreciate the pickle we're in with de-facto standard kernels that allow anything to be loaded into them. Windows Vista 64 bit requires all kernel drivers to be signed: correctly so, in my opinion, but this doesn't help the huge 32 bit userbase today.

    • This component of Cell is not for windows, though this type of protection would greatly help windows users. The Cell processor is mainly driven with Linux and Unix I doubt M$ will support the architecture.

      --
      So who is hotter? Ali or Ali's siter?

    • Re:Intel equivalent (Score:4, Interesting)

      by flooey (695860) on Tuesday April 25, 2006 @02:30PM (#15198793)
      ...but I can appreciate the pickle we're in with de-facto standard kernels that allow anything to be loaded into them.

      I think it's more that the "pickle" is that the kernels are software, which is inherantly malleable. This type of security architecture isn't designed to protect the user from outside attackers, though it helps with that as a bonus. It's designed to protect the device from the legitimate user doing something the manufacturer doesn't intend (such as, for instance, decrypting movies or games and then saving them to a hard drive or running non-standard operating systems).
      • The fact that software is malleable is a two-sided coin: most people who end up with their machine modified in the ways this technique helps deal with are the victims of malware and viruses.

        Regardless of what you believe it was designed for, the only things that actually matter are what it actually does. It's like saying that asymmetric crypto was designed so the military could hide secrets from civilians. Sure they use it for that, does that mean cryptography is bad? No.

        Likewise, look at it from the pe

    • Signed drivers won't matter in this situation. If the chip is going in the PS3, then I'd hope Sony has a decent handle on the hardware that's going in there with it. I'd also hope that they're competant enough to write an operating system with drivers that take correctly catalogue the hardware and it's functionality. The foray of Kernels doesn't really matter when you have a static configuration in terms of hardware and OS.
      • Yes, signed drivers won't mater in this situation. On the other hand, IBM is hoping to use this chip in lots of other applications, which is why TFA on IBM's site is entitled "The Cell Broadband Engine processor security architecture" and doesn't mention the PS3.
  • Then... (Score:4, Funny)

    by frosty_tsm (933163) on Tuesday April 25, 2006 @02:19PM (#15198687)
    Imagine the Princess inside that Castle.

    ... or another castle.
  • Uhh....whaaat? (Score:4, Interesting)

    by HaloZero (610207) <protodeka@@@gmail...com> on Tuesday April 25, 2006 @02:29PM (#15198785) Homepage
    Ok, so, I get it. The PS3 will have a processor that has an instruction set dedicated to protected the threads of a program from infiltration by something that has already compromised the operating system. The obvious advantage is the protection of the data stored in those threads at a time of either pre or post processing.

    That sounds like a great technology. Truly. If used for the right purposes.

    WHY are you implementing it on a GAME CONSOLE? (I'm also a little scared of the wording '...allow an application to protect itself... - we're writing sentience into these things, now, too? Might cause some ethical issues with first-person shooters..)

    I'd love that sort of protection on a kiosk machine, something we'd send to a trade show, or even the laptops employed by our sales force. But the PS3? Nothing mission-critical is going to happen on the PS3. Nothing. Wait, wait.. I think I figured it out...

    Digital Rights Management. Gotcha, gotcha. Thanks, Sony. It's nice to know that the PS3 will have an anti-modchip on it from the getgo.
    • Re:Uhh....whaaat? (Score:4, Informative)

      by RingDev (879105) on Tuesday April 25, 2006 @02:34PM (#15198818) Homepage Journal
      The Cell processor has much wider market desires then just the PS3. It is likely that the PS3 will not take this feature as an advantage, but the feature will be there for Linux based Cell Processor servers. In those kinds of system, memory protection can be extremely important.

      -Rick
      • Actually considering that the system will most likely have a network connection and some form of persistant storage, Sony might just use this feature to help keep unauthorized access (i.e. anything they haven't approved) to a minimum.

        Wouldn't be surprised if this helped limit potential Homebrew activity.
        • That is actually one of my concerns as a (PC) game modder. A lot of 3rd party add-ons for video games live by reading the game's memory. Depending on how this new feature operates, it could block off an entire array of 3rd party modifications to games.

          -Rick
          • From what I could see it looks like this is something that a given application would have to turn on.

            Hopefully most mod-friendly games won't. On the other hand, as another poster mentioned, if this can help eliminate mods for on-line multiplay, then it might be a good thing if it can be enabled under certain circumstances.

          • A lot of 3rd party add-ons for video games live by reading the game's memory.

            Really? The only such app I've seen was a cheat program. Usually mods change the game's datafiles.
    • Re:Uhh....whaaat? (Score:5, Insightful)

      by IamTheRealMike (537420) <mike@plan99.net> on Tuesday April 25, 2006 @02:37PM (#15198847) Homepage
      If you had RTFA you'd know this isn't about mod chips - the article explicitly states that this kind of protection is not about resisting hardware attacks and only concerns software.

      WHY are you implementing it on a GAME CONSOLE?

      Maybe because the Cell is designed to be used for more things than just the PlayStation?

      • Re:Uhh....whaaat? (Score:3, Insightful)

        by frostfreek (647009)
        Zonk is contributing to his confusion by posting "PS3 Cell Processor Security Architecture" instead of "Cell Broadband Engine ..."
      • WHY are you implementing it on a GAME CONSOLE?

        Maybe because the Cell is designed to be used for more things than just the PlayStation?


        Correct answer, incorrect question.

        Question is: why did Sony choose to put a Cell processor--an architecture that's substantially different from what they used before, and that contains features superfluous to the goals of a gaming console--in their upcoming gaming consoles?

        Optional bonus question: why did Slashdot title this story "PS3 CELL PROCESSOR Security Architecture"
        • Re:Uhh....whaaat? (Score:3, Insightful)

          by powerlord (28156)
          Answer: Sony is invested in the Cell architecture along with IBM and hopes it will make a good core for a multi-media hub, by pushing chip holding multiple cores that can handle parallellized multimedia transformations quickly. Time will tell if IBM and Sony got this one right.

          Obligatory Bonus Answer: Slashdot editors can't usually be bothered to RTFA or edit. :)

          Alternate Bonus Answer: Most readers might recognize "PS3" over "Cell Processor" and wonder what the latter has to do with their lives, while th
      • I think the article was taking the academic, cautious approach here. A hardware attacks (modchips) on this system are theoretically possible. However you would have to attach directly to the processor's internal bus.

        This would mean attaching to 90nm wires at 3.2 Gigs; that is it going to make mod chips a bit harder.

        (The Xbox modchips use a 33Mhz bus and existing solder points on the motherboard (i.e. a 100 times slower and over a 1,000 times larger)
      • The xbox has been hacked only using software - it's a valid place to start hacking the ps3
    • WHY are you implementing it on a GAME CONSOLE?

      Um, because the Cell isn't just a game console processor, it's a multi-purpose vector processor.

      IBM, Sony, and... who's the other person working on it? I forget. Anyways, the people involved each want it for various purposes. Yes, Sony wants to use it in the PS3, but IBM wants to do some serious work with the Cell and potentially replace POWER with it.
    • The lofty goals for the cell processor have it being used in everything from tv's to your microwave. The purpose of this security is to have all of those appliances have the ability to lease out their processing power to other appliances in the event one of them requires it.

      Imagine yourself encoding a movie, and your neighbor's ps3 helps you out because it isn't in use... would you like your neighbor having the ability to see what your encoding? Nah, and I'm not saying that this technology will be used in t
  • Concise summary (Score:3, Interesting)

    by DeadCatX2 (950953) on Tuesday April 25, 2006 @03:32PM (#15199303) Journal
    1) The Cell supports a Secure Processing Vault. This is basically hardware-based memory protection; since the OS is software, and software can be compromised, so can the OS. The hardware can't be compromised so easily, so you load up a SPE with some code and data, and then it engages its own memory protection, preventing anyone from reading/writing its memory until it's done, by which time it deletes the important information. So you can't peek at the decrypted results, because they're encrypted when they're loaded, and the decrypted results are deleted when it's done doing its work (which work gets re-encrypted before it leaves the SPE). There's a small communication channel left open, and it's the SPE's duty to protect it.

    2) It also has a Runtime Secure Boot. This involves using a cryptographically signed BIOS. This verifies that the BIOS is trusted. From here, any time control is handed over to another program, it first must be cryptographically verified. This prevents unauthorized or compromised code from executing.

    3) Once you've securely booted and your SPE is in isolation mode, protected from the eyes of other threads, you have access to The Root Key. The Root Key is stored in hardware, can't be accessed by software, and is used to decrypt other keys. These other keys are then used to do encryption in an individual SPE.

    So, we make a key, stick it in some flip flops that you can't read, isolate an SPE to provide memory protection, and then authenticate each and every piece of code from the BIOS through to the currently executing thread. Everything going in is encrypted, isolated when the work is being done, and gets re-encrypted before leaving to the next module, all using encrypted keys. Pretty thick stuff.
  • Kernel, Executive, Supervisor, User modes, all with their own protected address space. Kernel for the OS, Executive for the drivers, Supervisor for scripts, and User for images with page-in activation.

    Now, where have we all heard that before? VMS suffered from some pretty cruddy hardware (hey, that was then) but at least buffer overflows were not exploitable.

    Nothing new under the sun, move along, nothing to see here.

If it's worth doing, it's worth doing for money.

Working...