Cell Broadband Engine Security Architecture

Kanna Shimizu, SonyToshibaIBM Design Center

With the rapidly growing demand for stronger security, it is becoming increasingly clear that software alone cannot meet this need. Therefore, hardware, which is intrinsically less vulnerable to holes, manipulation, and attacks, must be re-thought and re-architected to support the security of the system. Cell Broadband Engine (Cell BE) is a general-purpose microprocessor designed from scratch with this goal in mind. Its key strength is that it does not solely rely on the integrity of the operating system or the hypervisor for security. It is designed such that even if the operating system or the hypervisor is compromised, applications and data remain secure. This is in marked contrast with many other security architectures where once the operating system is compromised, all bets and guarantees are off.

The multi-core design of the Cell BE is leveraged to accomplish this strong protection. One class of processor cores on the Cell chip can be put into isolation mode whereby it is physically isolated from the rest of the system. When in this mode, the core's 256K of private local memory, where it holds its code and data, cannot even be accessed by root or the operating system. Therefore, a hacker who has root access, gains nothing in its attempt to observe, control, or copy the protected program and data.

The Cell BE will be the central processor for Sony Computer Entertainment's next-generation game console, the Playstation III. This game console is expected to be in about 100 million households in a few years, and thus, it can be safely assumed that the security architecture described in this talk will be pervasive and exploited by many commerce-driven consumer applications.

Gates 4B (opposite 490) Tuesday 10/25/05 1630 hrs