from the external world. It can also protect information inside
the secure core or information related to the secure core’s relationship with
its peripherals. We will look into this a bit later.
Another module
associated with the processor is the controller that manages the relationship
of the processor with its memory. This is also a very critical element in terms
of security, because the path between the processor and memory is a natural
point of attack. Specific measures have to be taken to protect information
going along this path. Cryptographic measures may be one of several tools used
for such protection. Finally, we need to mention yet another important specialized
module which enables protected ways to use the processor. This is a bit
technical so we’ll ask the reader to excuse us if we sound cryptic:
language-specific components can define a sandbox limiting the processor
functions that are accessible through generic programming. We felt we had to
note it, but you probably know now why we took some oratory precautions.
Actually, we’ll get into a discussion about sandboxes in the next chapter,
which may help clarify the point.
While the processor needs to be trusted because it is the most active part of
the secure core, it does not itself contain any data that are directly linked
to the owner of the personal electronic device. Such data are stored in memory.
A secure core typically includes two kinds of memory: fast but short-term
memory for intermediate results and slower but long-term memory for keeping
data. It is possible to compare the two memories with those of humans, who can
remember more of one day's activities during that day than they'll remember a
week later. The brain sorts out which temporary memories should be made into
long-term ones using a process of synapse consolidation described by Eric R.
Kandel in his book In Search of Memory. Similarly, the processor uses its
short-term memory to do computations whose results will be stored in long-term
memory if needed. Since short-term memory, called RAM (Random Access Memory),
is first of all required to be very fast, it is typically not strongly
encrypted. While this is considered acceptable in general, it cannot be
tolerated for very critical data such as the keys used to decipher secret
information. That is why short-term memory may be accompanied by a very
specialized sub-form of it, which is constructed to avoid disclosure of
cryptographic information, naturally at the cost of being somewhat slower.
This specific memory is called transient.
There are three forms of long-term memory, each of which fulfills specific
needed functions. There is ROM (Read-Only Memory), a form of memory which
cannot be changed once it has been written. This is particularly important in
terms of security because it guarantees that the information that has been
written at the factory will not be modified. Operations that are critical to
the general well-being of the secure core will often be found in such memory.
In this situation, trust is related to the preservation of the original
information.
A different kind of memory is modifiable, and is used to store the data of the
owner of the personal electronic device, together with other sensitive data;
for example, data of the institutions important to the personal electronic
device, perhaps a bank or a cellular phone operator, and other data that may be
needed to perform operations of interest. Whether it's called EEPROM
(Electrically Erasable Programmable Read-Only Memory) or Flash, this form of
memory has long-term retention. Ten years is considered a good, average
duration. While such long-term memories are good at keeping data for a long
time, they are not particularly good at being changed too frequently. After a
time, they wear out. That is why secure cores are very careful in selecting
where they write data. They keep track of how often a particular section of
memory has been written and change the place of storage accordingly if needed.
Long-term memory is typically both scrambled and encrypted, since this is where
the most important information of the personal electronic device resides. The
central element of trust in the personal electronic device is there, at the
core of the core, where our most private data reside. In a way, we can say
that other elements of trust are related to entering and reading data from
that central vault. To make a comparison
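The write-tracking strategy described above for EEPROM or Flash, as an added example that is not code from the book: a simulated long-term memory keeps a write counter per physical page, and every update of a logical record goes to the least-worn free page instead of back onto the same cells. The page count, page size and endurance figure are constructed values, not figures from the text.

```c
#include <stdint.h>
#include <string.h>

#define PAGES      8        /* constructed: a tiny EEPROM of 8 pages */
#define PAGE_BYTES 16
#define ENDURANCE  100000u  /* assumed per-page write limit (hypothetical figure) */

typedef struct {
    uint8_t  data[PAGES][PAGE_BYTES];
    uint32_t writes[PAGES];   /* how often each physical page has been written */
    int      map[PAGES];      /* logical slot -> physical page, -1 if unassigned */
} eeprom_t;

void eeprom_init(eeprom_t *e) {
    memset(e, 0, sizeof *e);
    for (int s = 0; s < PAGES; s++) e->map[s] = -1;
}

static int is_mapped(const eeprom_t *e, int phys) {
    for (int s = 0; s < PAGES; s++) if (e->map[s] == phys) return 1;
    return 0;
}

/* Every write of a logical slot goes to the least-worn page that holds no live
 * data; the page it used to occupy becomes free for later reuse. A naive
 * write-in-place would put every update on the same cells. */
int eeprom_write(eeprom_t *e, int slot, const uint8_t *buf) {
    int target = -1;
    for (int p = 0; p < PAGES; p++)
        if (!is_mapped(e, p) && (target < 0 || e->writes[p] < e->writes[target]))
            target = p;
    if (target < 0 || e->writes[target] >= ENDURANCE) return -1; /* full or worn out */
    memcpy(e->data[target], buf, PAGE_BYTES);
    e->writes[target]++;
    e->map[slot] = target;
    return target;
}

const uint8_t *eeprom_read(const eeprom_t *e, int slot) {
    return e->map[slot] < 0 ? NULL : e->data[e->map[slot]];
}

/* Wear picture: write counts of the most- and least-written physical pages */
void eeprom_wear(const eeprom_t *e, uint32_t *hi, uint32_t *lo) {
    *hi = *lo = e->writes[0];
    for (int p = 1; p < PAGES; p++) {
        if (e->writes[p] > *hi) *hi = e->writes[p];
        if (e->writes[p] < *lo) *lo = e->writes[p];
    }
}
```

With one record updated 800 times, the writes rotate over all eight pages, so each page is written 100 times rather than one page absorbing all 800.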