Tech Note #110: Concept for a Secure Network Computer
©
2000 Bionic Buffalo Corporation; All Rights Reserved.
Tuesday, 11 January 2000
http://www.tatanka.com
[tn0110]
Page 7 of 18
An effective procedure to verify that HC memory, cache, and registers are cleared, is to present
a cryptographically strong, pseudo-random number sequence to the HC. This sequence must
be long enough so that it will occupy all of the memory, cache and register storage capacity of
the HC. Then the HC must be able to replay the identical sequence back to its originator,
showing that the entire capacity of the HC was cleared by being filled with the pseudo-random
number sequence.
The Memory Clearing Initiator (MCI) creates the pseudo-random sequence, and correct replay
is verified by the Interior and Exterior Memory Clearing Verifiers (IMCV and EMCV). Both
the MCI and both MCVs are external to the HC, and may conveniently be located within the
SM. There are two MCVs, to prevent the failure of either one from compromising the security
of the SNC. Each MCV is hosted on a different CPU. The ESMCPU hosts the MCI.
The two SM CPUs must be connected in series between the HC and the external network.
Otherwise, either CPU might fail and pass messages between the HC and the external network,
without the other CPU to act as a check. Therefore, the interior CPU must include a conduit
between the HC and the exterior CPU.
The INA used for the HC’s network traffic can also serve for communications related to
memory clearing. If the INA is implemented with direct memory access (DMA) to the HC, then
the ISMCPU can examine HC memory directly to verify clearing. The converse should be
forbidden: it should be impossible for the HC to access SM memory, except perhaps for HC-
ISMCPU message buffers whose contents must be modified or viewed by the HC in any case.
Host
Computer
(HC)
Interior
Network
Adapter
(INA)
Interior
Memory
Clearing
Verifier
(IMCV)
Exterior
Memory
Clearing
Verifier
(EMCV)
Interior SM
CPU
(ISMCPU)
Exterior
SM CPU
(ESMCPU)
hosts
hosts
Memory
Clearing
Conduit
Memory
Clearing
Initiator
(MCI)
hosts
hosts
sends
pseudo-
random
sequence
verifies
pseudo-
random
sequence
verifies pseudo-
random
sequence
relays messages
between HC and
SM exterior CPU
fills memory, cache, and
registers with pseudo-
random sequence, then
replays for verification
tn011007 ©2000 Bionic Buffalo Corp