PROMISE: A Programmable Hardware Monitor for Secure Execution in Zero Trust Networks

Nikhilesh Singh, Shagnik Pal, Rainer Leupers, Farhad Merchant, Chester Rebeiro

IEEE Embedded Systems Letters (2024)

Abstract
With the inevitable adoption of Zero Trust Architectures (ZTA) for enterprise networks, there is a need to continuously gauge the security health of connected devices. This requires runtime monitoring of the devices in the network. The challenge, especially in resource-constrained environments, is to ensure trusted monitoring at a fine granularity. In this paper, we propose PROMISE, a framework that overcomes this challenge and provides an online, non-tamperable metric called the trust score to quantify the security health of devices in a ZTA network. We use real-time hardware tracking of micro-architectural signals in the CPU to compute the trust score in a security co-processor that is isolated from the device's computing stack. The trust score for each device is sent to the ZTA host for corresponding responses. We evaluate PROMISE on an open-source RISC-V processor against different threat vectors, including ransomware, return-oriented programming (ROP) attacks, and cache-based micro-architectural attacks. We also deploy the framework on an AMD Artix 7 AC701 FPGA and present the area overheads.
Keywords
Zero Trust Network Security, Dynamic Security Monitoring, Security-aware Hardware