CODESSEAL: Compiler/FPGA Approach to Secure Applications

Olga Gelbart¹, Paul Ott¹, Bhagirath Narahari¹, Rahul Simha¹, Alok Choudhary², and Joseph Zambreno²

¹ The George Washington University, Washington, DC 20052 USA
² Northwestern University, Evanston, IL 60208 USA

Abstract. The science of security informatics has become a rapidly growing field involving different branches of computer science and information technologies. Software protection, particularly for security applications, has become an important area in computer security. This paper proposes a joint compiler/hardware infrastructure - CODESSEAL - for software protection for fully encrypted execution in which both program and data are in encrypted form in memory. The processor is supplemented with an FPGA-based secure hardware component that is capable of fast encryption and decryption, performs code integrity verification and authentication, and provides protection of the execution control flow. This paper outlines the CODESSEAL approach and its architecture, and presents preliminary performance results.

1 Introduction

With the growing cost of hacker attacks and information loss, it is becoming increasingly important for computer systems to function reliably and securely. Because attackers are able to breach systems in operation, it is becoming necessary to verify a program's integrity not only before execution starts, but also during runtime. Attackers exploit software vulnerabilities caused by programming errors and by system or programming language flaws. Sophisticated attackers attempt to tamper directly with the hardware in order to alter execution. A number of software and software-hardware tools have been proposed to prevent or detect these kinds of attacks [1, 2, 3, 8]. Most of the tools focus on a specific area of software security, such as static code analysis or dynamic code checking.
While they secure the system against specific types of attacks, current methods do not provide code integrity, authentication, and control flow protection methods that address attacks using injection of malicious code.

We propose a software/hardware tool - CODESSEAL - that combines static and dynamic verification methods with compiler techniques and a processor supplemented with a secure hardware component in the form of an FPGA (Field Programmable Gate Array) in order to provide a secure execution environment

The research is supported in part by NSF grant CCR-0325207.

P. Kantor et al. (Eds.): ISI 2005, LNCS 3495, pp. 530–535, 2005. © Springer-Verlag Berlin Heidelberg 2005