PS3 Cell Processor Security Architecture
hoyhoy writes "IBM Developerworks is discussing the PS3 Cell Processor Security Architecture today on Developerworks. It details the hardware level security for isolating processes that exists in the Cell processor's architecture." From the article: "The architecture's main strength is its ability to allow an application to protect itself using the hardware security features instead of the conventional method of solely relying on the operating system or other supervisory software for protection. Therefore, if the operating system is compromised by an attack, the hardware security features can still protect the application and its valuable data. As an analogy, consider the protection the supervisory software provides as the castle's moat and the Cell BE security hardware features as the locked safe inside the castle."
Intel equivalent (Score:5, Interesting)
I'm not really a fan of this sort of design - it seems to duplicate the purpose of the existing kernel/userspace security architecture, but I can appreciate the pickle we're in with de-facto standard kernels that allow anything to be loaded into them. Windows Vista 64 bit requires all kernel drivers to be signed: correctly so, in my opinion, but this doesn't help the huge 32 bit userbase today.
Not for Windows (Score:1)
--
So who is hotter? Ali or Ali's sister?
Re:Intel equivalent (Score:4, Interesting)
I think it's more that the "pickle" is that the kernels are software, which is inherently malleable. This type of security architecture isn't designed to protect the user from outside attackers, though it helps with that as a bonus. It's designed to protect the device from the legitimate user doing something the manufacturer doesn't intend (such as, for instance, decrypting movies or games and then saving them to a hard drive, or running non-standard operating systems).
Re:Intel equivalent (Score:3, Interesting)
Regardless of what you believe it was designed for, the only things that actually matter are what it actually does. It's like saying that asymmetric crypto was designed so the military could hide secrets from civilians. Sure they use it for that, does that mean cryptography is bad? No.
Likewise, look at it from the pe
Re:Intel equivalent (Score:2)
Re:Intel equivalent (Score:2)
Re:Intel equivalent (Score:2)
Re:Intel equivalent (Score:2)
Re:Intel equivalent (Score:2)
Nothing stops you writing an application that downloads encrypted media and plays it back on Linux today. It just wouldn't be very secure.
If the audio is decrypted inside the app and then sent direct to the sound card, bypassing the operating system entirely, then you can't just dump the audio to a file with an LD_PRELOAD or kernel patch. You'd have to reverse engineer the internals of the application itself, rather difficult, and something which LaGrande makes even more difficult a
Re:Intel equivalent (Score:2)
Re:DRM (Score:5, Interesting)
For instance, consider this:
Personally I wouldn't trust my CC number to an unknown Windows machine these days. SSL/TLS wire security just isn't secure anymore when it's so easy to intercept the data before it's ever encrypted.
Consider - hardware process protection would theoretically allow for Linux-compatible DRM. Right now Windows Media DRM uses the "secure audio path" to try and prevent people using malicious audio drivers to trivially dump the decrypted audio out of the player. Linux has no equivalent, and fundamentally cannot; however, these kinds of hardware features could allow it to get such a thing without breaking the GPL (because the operating system can be GPL'd and therefore "untrusted", but the player would not have to trust it to work...)
Anyway, like most technologies, it cuts both ways. It has uses you'll disagree with and others you will want. Just deal with it.
Re:DRM (Score:2)
There's a third possibility you ignore: that DRM reduces software sales. I'm not aware of any credible research on the topic, but I know that there are albums I plan to buy from the iTunes Music Store, but only if JHymn is fixed to allow me to strip the DRM. Similarly, I
Re:DRM (Score:2)
It's true I ignored this possibility. The only hard statistics I've seen on this have been done by (drumroll) copy protection vendors, nonetheless, they are at least somewhat pseudo-scientific which is more than the purely anecdotal evidence I've seen to support the opposing view. Essentially copy protection vendors claim that the sales you lose through piracy drop off as time goes by, so for instance if a crack is developed a year a
Re:DRM (Score:1)
Re:DRM (Score:2)
Re:DRM (Score:2)
b) If you are running Windows, you still won't know. The chain of trust runs downwards, your apps trust Windows which again trusts the TCPA. Whatever Windows does, you'll never know. And if you don't run Windows, then it's pretty hard to hide something in plain sight code.
c) I'd wager more on the ubiquitousness of piracy to change things. Have you read the stats on the young generati
Re:DRM (Score:2)
I'd be interested to see an actual implementation of that. But anyway, this is why LaGrande/Cell Security include "measured boot", so the program can check that the system hasn't been rooted.
Re:DRM (Score:1)
Then... (Score:4, Funny)
Re:Then... (Score:1)
Re:Cell Home Workstations (Score:1)
Re:Cell Home Workstations (Score:2)
Re:Cell Home Workstations (Score:1)
Yeah, single precision floating point is just what you need in engineering you astroturfing little fuckstain.
Uhh....whaaat? (Score:4, Interesting)
That sounds like a great technology. Truly. If used for the right purposes.
WHY are you implementing it on a GAME CONSOLE? (I'm also a little scared of the wording '...allow an application to protect itself... - we're writing sentience into these things, now, too? Might cause some ethical issues with first-person shooters..)
I'd love that sort of protection on a kiosk machine, something we'd send to a trade show, or even the laptops employed by our sales force. But the PS3? Nothing mission-critical is going to happen on the PS3. Nothing. Wait, wait.. I think I figured it out...
Digital Rights Management. Gotcha, gotcha. Thanks, Sony. It's nice to know that the PS3 will have an anti-modchip on it from the get-go.
Re:Uhh....whaaat? (Score:4, Informative)
-Rick
Re:Uhh....whaaat? (Score:2)
Wouldn't be surprised if this helped limit potential Homebrew activity.
Re:Uhh....whaaat? (Score:2)
-Rick
Re:Uhh....whaaat? (Score:2)
Hopefully most mod-friendly games won't. On the other hand, as another poster mentioned, if this can help eliminate mods for on-line multiplay, then it might be a good thing if it can be enabled under certain circumstances.
Re:Uhh....whaaat? (Score:1)
Really? The only such app I've seen was a cheat program. Usually mods change the game's datafiles.
Re:Uhh....whaaat? (Score:5, Insightful)
Maybe because the Cell is designed to be used for more things than just the PlayStation?
Re:Uhh....whaaat? (Score:3, Insightful)
Re:Uhh....whaaat? (Score:2)
Maybe because the Cell is designed to be used for more things than just the PlayStation?
Correct answer, incorrect question.
Question is: why did Sony choose to put a Cell processor--an architecture that's substantially different from what they used before, and that contains features superfluous to the goals of a gaming console--in their upcoming gaming consoles?
Optional bonus question: why did Slashdot title this story "PS3 CELL PROCESSOR Security Architecture"
Re:Uhh....whaaat? (Score:3, Insightful)
Obligatory Bonus Answer: Slashdot editors can't usually be bothered to RTFA or edit.
Alternate Bonus Answer: Most readers might recognize "PS3" over "Cell Processor" and wonder what the latter has to do with their lives, while th
Re:Uhh....whaaat? (Score:1)
This would mean attaching to 90nm wires at 3.2 GHz; that's going to make mod chips a bit harder.
(The Xbox modchips use a 33 MHz bus and existing solder points on the motherboard, i.e. 100 times slower and over 1,000 times larger.)
Re:Uhh....whaaat? (Score:1)
Re:Uhh....whaaat? (Score:2)
Um, because the Cell isn't just a game console processor, it's a multi-purpose vector processor.
IBM, Sony, and... who's the other person working on it? I forget. Anyways, the people involved each want it for various purposes. Yes, Sony wants to use it in the PS3, but IBM wants to do some serious work with the Cell and potentially replace POWER with it.
Re:Uhh....whaaat? (Score:1)
Imagine yourself encoding a movie, and your neighbor's ps3 helps you out because it isn't in use... would you like your neighbor having the ability to see what your encoding? Nah, and I'm not saying that this technology will be used in t
Concise summary (Score:3, Interesting)
2) It also has a Runtime Secure Boot. This involves using a cryptographically signed BIOS. This verifies that the BIOS is trusted. From here, any time control is handed over to another program, it first must be cryptographically verified. This prevents unauthorized or compromised code from executing.
3) Once you've securely booted and your SPE is in isolation mode, protected from the eyes of other threads, you have access to The Root Key. The Root Key is stored in hardware, can't be accessed by software, and is used to decrypt other keys. These other keys are then used to do encryption in an individual SPE.
So, we make a key, stick it in some flip-flops that you can't read, isolate an SPE to provide memory protection, and then authenticate each and every piece of code from the BIOS through to the currently executing thread. Everything going in is encrypted, isolated when the work is being done, and gets re-encrypted before leaving to the next module, all using encrypted keys. Pretty thick stuff.
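The chain this summary describes (signed BIOS, every handoff verified before control passes, a hardware root key that only ever derives other keys) as a small added model in Python, not code from the article or from the Cell; it also folds in the "measured boot" check mentioned in an earlier comment. Assumptions: HMAC tags stand in for real signatures, and a SHA-256 measurement register stands in for the hardware's own.

```python
import hashlib
import hmac

# Constructed stand-in for the Root Key. On the real hardware this lives in
# unreadable flip-flops; here it is simply never returned by any function.
_ROOT_KEY = b"constructed-root-key-not-readable-by-software"


def derive_key(purpose: bytes) -> bytes:
    """Derive a per-purpose key from the root key (HMAC as KDF; an assumption,
    not the Cell's actual derivation). Only derived keys ever leave this module."""
    return hmac.new(_ROOT_KEY, b"kdf:" + purpose, hashlib.sha256).digest()


def sign_stage(image: bytes) -> bytes:
    """Tag a boot-stage image at provisioning time (stand-in for a signature)."""
    return hmac.new(derive_key(b"stage-auth"), image, hashlib.sha256).digest()


def verify_stage(image: bytes, tag: bytes) -> bool:
    """Check a stage performs on the next stage before handing over control."""
    return hmac.compare_digest(sign_stage(image), tag)


def secure_boot(chain):
    """Walk (name, image, tag) stages in order. Each stage is verified before it
    'runs'; the first failure halts the boot. Returns (booted, names, measurement)."""
    measurement = b"\x00" * 32  # extended with each verified stage, like a PCR
    verified = []
    for name, image, tag in chain:
        if not verify_stage(image, tag):
            return False, verified, measurement
        digest = hashlib.sha256(image).digest()
        measurement = hashlib.sha256(measurement + digest).digest()
        verified.append(name)
    return True, verified, measurement


def demo():
    """Constructed chain: a good boot and one with a patched loader."""
    bios, loader, app = b"BIOS v1 (constructed)", b"loader (constructed)", b"spe app (constructed)"
    good = [(n, img, sign_stage(img)) for n, img in (("bios", bios), ("loader", loader), ("app", app))]
    # Same tag, modified image: the BIOS must refuse to hand control to this loader.
    tampered = [good[0], ("loader", loader + b" patched", good[1][2]), good[2]]
    return secure_boot(good), secure_boot(tampered)
```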
KESU offers better protection (Score:2)
Now, where have we all heard that before? VMS suffered from some pretty cruddy hardware (hey, that was then) but at least buffer overflows were not exploitable.
Nothing new under the sun, move along, nothing to see here.