0

I was wondering if O.S. can act in such a way to hide from CPU what it is doing? I know that everything is computed only in CPU, but O.S. decides what that is, and keeps track of file system, etc. For example, CPU would not know if data it is processing is video streaming or web browsing, or encryption. And I am not referring here on homomorphic encryption (zero knowledge computing on encrypted data), but zero knowledge computing on actual data.

Jason
  • 3,086
  • 4
  • 20
  • 24
  • 2
    That depends on what kind of CPU-based attack exactly you have in mind. Can you give us an example? – Philipp Jun 29 '17 at 12:16
  • Related: [Firmware Backdoor Protection](https://security.stackexchange.com/q/61785/2138) – user Jun 30 '17 at 07:50

3 Answers3

3

The CPU is where the code is executed so, no, you can't "hide" processing from it. At least, not if you have just a single CPU.

But if you have additional processing units that you can program in a safe way, then you can protect some processing from the machine's CPU.

Smartcards are an exemple of such offloading: they are programmed in advance with the keys that will let them do their job. Later, they can be inserted into untrusted system and still maintain the integrity of process they were designed for. For instance, you can use a smartcard to store a RSA private key and allow the smartcard to be used from an untrusted computer while still retaining reasonable trust that these keys haven't been leaked.

Stephane
  • 18,557
  • 3
  • 61
  • 70
  • Of course, that's because the card can be made to *lack the ability to expose those keys*. Not entirely unlike how Notepad can't violate the confidentiality of a HTTPS session, because (at least last I looked) it didn't have the ability to speak HTTPS *at all*. It's much harder to do something similar if the purpose of the smartcard isn't to perform cryptographic operations, but to store cryptographic secrets that should be available to the system it is connected to. – user Jun 30 '17 at 07:49
1

It would be difficult for the OS to hide what is happening considering the CPU will process the instructions. Now, you may be able to hide date from certain threads within a CPU by explicitly stating which core you want the program to execute or to maintain a non symmetric multi-processing program. But, this all relies on which attack type you're trying to employ.

Joshua Faust
  • 638
  • 3
  • 8
1

I don't think it is possible to mitigate any attack that "record" the CPU activities and "replay" it.

Nevertheless, it is possible to use distributed processing to break data process to multiple system to hide the big picture.

(update) There is an answer that mentioned Smart Card Technology and Security. I will reserved my view. Because all the mentioned securities are not mean to mitigate "CPU process replay".

mootmoot
  • 2,387
  • 10
  • 16