Abstract:

Typically HSM's protect cryptographic keys and algorithms and have a low level (cryptographic) API. Overall security is then dependent on the accessibility of the API. A simplistic way to improve this situation is to allow generic applications to run within a secure boundary. However the complexity and interfaces of most applications mean that merely running them on secure hardware will not provide good security.

The Hardware Security Appliance (HSA) research is exploring ways to find the right model/balance of using secure hardware to achieve better system security. The HSA concept is to encapsulate simple security services that bind security functions such as decryption with authorisation and authentication. Such hardware secured services provide a functional root of trust that can be placed within the context of a wider IT solution. Running a security service within a secure hardware device with limited functional and management APIs allows suprisingly rich policies to be tightly bound to the ways cryptographic keys are used. The HSA has an RSA identity to allow remote configuration of policies – hence creating a separation of control from local system administrators.

The talk will include examples of HSA services that highlights the main aspects of the approach and (hopefully) show how "thinking in an HSA like way" leads to different kinds of security and trust solutions.