Low-Overhead Designs for Secure Uniprocessor and Multiprocessor Architectures

Abstract

The security of computer systems is becoming a growing concern as the increasing ability and motivation of attackers continue to expand the types of attacks that exist to exploit a vast amount of digital information. In particular, new types of hardware-based attacks have become widespread in addition to the more traditional software attack methods. For example, a hardware attack may consist of using a device to physically observe or tamper with sensitive information in a system. Such attacks are able to subvert software-only security measures, and as a result, computer researchers and designers have investigated hardware security solutions to address these concerns. In particular, secure processor architectures have been proposed as a way to prevent hardware-based attacks by cryptographically protecting the data and code executed in a system to ensure their privacy and integrity. Such protection addresses many important security issues, such as preventing the theft of or tampering with critical data, preventing the reverse engineering of code, and protecting against software piracy. In this dissertation, we propose and evaluate novel secure processor architectures for two broad types of system designs. First, for single-processor chip systems, we propose a secure processor architecture based on the novel techniques of Address Independent Seed Encryption (AISE) and Bonsai Merkle Trees (BMT) for implementing memory encryption and integrity verification, respectively. AISE is based on counter-mode encryption, and like prior counter-mode encryption schemes, it effectively hides cryptographic latencies from the critical path of off-chip data fetches. At the same time, however, it eliminates significant security and system-level drawbacks of prior schemes, such as the lack of support for virtual memory mechanisms and for shared-memory inter-process communication.
BMT is a novel Merkle Tree memory integrity verification approach that retains the strong security properties of standard Merkle Tree protection, but with a significant reduction in execution time overheads and memory storage overheads. Experimental results on the SPEC 2000 benchmarks show that BMTs reduce the overhead of Merkle Tree integrity verification in a secure processor from 12% to 2% on average. Second, we propose the first secure processor architectures designed specifically for protecting distributed shared memory (DSM) multiprocessors. DSM systems require protecting not only data communicated between a processor and its memory, but also data communicated between processors across the interconnection network. We present a security requirements analysis for protecting the privacy and integrity of code and data in a DSM system, and then propose three table-based hardware schemes to protect processor-processor data communication in a DSM, while leveraging uniprocessor-based approaches for protecting processor-memory data communication. After evaluating these schemes, we identify several performance and complexity drawbacks that are inherent in two-level schemes such as these, which protect the two types of DSM communication with separate mechanisms. Thus, we propose an alternative, single-level DSM data protection scheme that uses a single mechanism for protecting all off-chip DSM data transfers. Our experimental results show that this single-level scheme has an average overhead of only 1.6% across all SPLASH-2 benchmarks compared to a similar but unprotected DSM system.
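The counter-mode memory encryption mechanism the abstract refers to, as an added Go example that is not part of the dissertation: the pad for a memory block is derived from state that stays on chip (key, block address, write counter), so the processor can compute it in parallel with the off-chip fetch and decryption costs a single XOR. The seed layout `address || counter` is the classic address-dependent one of the prior schemes the abstract contrasts with AISE; it is an assumption of this example, since the page does not spell out AISE's seed construction.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)

// pad = AES_K(address || counter) for one 16-byte block. It needs only on-chip
// state (key, address, counter), so it is computed while the block is still in
// flight from DRAM; decryption then costs one XOR on the critical path. The
// address-based seed is the "prior scheme" layout the abstract contrasts with
// AISE; it is this example's assumption, not the dissertation's construction.
func pad(k cipher.Block, addr, ctr uint64) []byte {
	seed := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(seed[:8], addr)
	binary.BigEndian.PutUint64(seed[8:], ctr)
	k.Encrypt(seed, seed) // in place: seed becomes the one-time pad
	return seed
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Write advances the block's on-chip counter before encrypting, so no pad is reused.
func Write(k cipher.Block, ctrs map[uint64]uint64, addr uint64, p []byte) []byte {
	ctrs[addr]++
	return xor(p, pad(k, addr, ctrs[addr]))
}

// Read decrypts a fetched block with the counter currently held on chip.
func Read(k cipher.Block, ctrs map[uint64]uint64, addr uint64, c []byte) []byte {
	return xor(c, pad(k, addr, ctrs[addr]))
}

// PadReuseLeak shows why the counter must advance: two blocks encrypted under
// one (address, counter) let a bus observer recover p1 XOR p2 without the key.
func PadReuseLeak(k cipher.Block, addr uint64, p1, p2 []byte) []byte {
	return xor(xor(p1, pad(k, addr, 7)), xor(p2, pad(k, addr, 7)))
}
```

With a key from `aes.NewCipher` and an empty counter map, `Write` followed by `Read` at the same address round-trips the block, while `PadReuseLeak` returns exactly `p1 XOR p2`.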

Keywords

memory authentication, memory encryption, address independent seed encryption, bonsai merkle tree, secure processor architecture, secure DSM multiprocessor

Degree

PhD

Discipline

Computer Engineering
