NCSU Institutional Repository >
NC State Theses and Dissertations >
Dissertations >

Please use this identifier to cite or link to this item: http://www.lib.ncsu.edu/resolver/1840.16/3283

Title: Low-Overhead Designs for Secure Uniprocessor and Multiprocessor Architectures
Authors: Rogers, Brian Michael
Advisors: Yan Solihin, Committee Chair
Gregory Byrd, Committee Member
Thomas Conte, Committee Member
Peng Ning, Committee Member
Milos Prvulovic, Committee Member
Keywords: memory authentication
memory encryption
address independent seed encryption
bonsai merkle tree
secure processor architecture
secure DSM multiprocessor
Issue Date: 4-Dec-2009
Degree: PhD
Discipline: Computer Engineering
Abstract: The security of computer systems is becoming a growing concern as the increasing ability and motivation of attackers continues to expand the types of attacks that exist to exploit a vast amount of digital information. In particular, new types of hardware-based attacks have become widespread in addition to the more traditional software attack methods. For example, a hardware attack may consist of utilizing a device to physically observe or tamper with sensitive information in a system. Such attacks are able to subvert software-only security measures, and as a result, computer researchers and designers have investigated hardware security solutions to address these concerns. In particular, secure processor architectures have been proposed as a way to prevent hardware-based attacks by cryptographically protecting the data and code executed in a system to ensure its privacy and integrity. Through such a level of protection, many important security issues may be addressed such as the prevention of the theft or tampering of critical data, prevention of reverse engineering of code, and protection from software piracy. In this dissertation, we propose and evaluate novel secure processor architectures for two broad types of system designs. First, for single processor chip systems, we propose a secure processor architecture based on the novel techniques of Address Independent Seed Encryption (AISE) and Bonsai Merkle Trees (BMT) for implementing memory encryption and integrity verification respectively. AISE is based on counter-mode encryption, and like prior counter-mode encryption schemes, it effectively hides cryptographic latencies from the critical path of off-chip data fetches. However, at the same time it eliminates significant security and system-level drawbacks associated with prior schemes such as the lack of support for virtual memory mechanisms and shared memory inter-process communication. BMT is a novel Merkle Tree memory integrity verification approach which retains the strong security properties of standard Merkle Tree protection, but with a significant reduction in execution time overheads and memory storage overheads. Experimental results on the SPEC 2000 benchmarks show that BMTs reduce the overhead of Merkle Tree integrity verification in a secure processor from 12% to 2% on average. Second, we propose the first secure processor architectures designed specifically for protecting distributed shared memory (DSM) multiprocessors. DSM systems require not only protecting data communicated between a processor and its memory, but also data communicated between processors across the interconnection network. We present a security requirements analysis for protecting the privacy and integrity of code and data in a DSM system, and then propose three table-based hardware schemes to protect processor-processor data communication in a DSM, while leveraging uniprocessor-based approaches for protecting processor-memory data communication. After evaluating these schemes, we identify several performance and complexity drawbacks that are inherent in two-level schemes such as this which protect the two types of DSM communication with separate mechanisms. Thus, we propose an alternative, single-level DSM data protection scheme which leverages a single mechanism for protecting all off-chip DSM data transfers. Our experimental results show that this single-level scheme has an average overhead of only 1.6% across all SPLASH-2 benchmarks compared to a similar but unprotected DSM system.
URI: http://www.lib.ncsu.edu/resolver/1840.16/3283
Appears in Collections:Dissertations

Files in This Item:

File Description SizeFormat
etd.pdf2.14 MBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.