Making secure processors OS- and performance-friendly

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Making secure processors OS- and performance-friendly

Full text

Pdf (1.04 MB)

Source

ACM Transactions on Architecture and Code Optimization (TACO) archive
Volume 5 , Issue 4 (March 2009) table of contents

Article No. 16

Year of Publication: 2009

ISSN:1544-3566

Authors

Siddhartha Chhabra	North Carolina State University, Raleigh, NC
Brian Rogers	North Carolina State University, Raleigh, NC
Yan Solihin	North Carolina State University, Raleigh, NC
Milos Prvulovic	Georgia Institute of Technology, Atlanta, GA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 36, Downloads (12 Months): 244, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1498690.1498691 What is a DOI?

ABSTRACT

In today's digital world, computer security issues have become increasingly important. In particular, researchers have proposed designs for secure processors that utilize hardware-based memory encryption and integrity verification to protect the privacy and integrity of computation even from sophisticated physical attacks. However, currently proposed schemes remain hampered by problems that make them impractical for use in today's computer systems: lack of virtual memory and Inter-Process Communication support as well as excessive storage and performance overheads. In this article, we propose (1) address independent seed encryption (AISE), a counter-mode-based memory encryption scheme using a novel seed composition, and (2) bonsai Merkle trees (BMT), a novel Merkle tree-based memory integrity verification technique, to eliminate these system and performance issues associated with prior counter-mode memory encryption and Merkle tree integrity verification schemes. We present both a qualitative discussion and a quantitative analysis to illustrate the advantages of our techniques over previously proposed approaches in terms of complexity, feasibility, performance, and storage. Our results show that AISE+BMT reduces the overhead of prior memory encryption and integrity verification schemes from 12% to 2% on average for single-threaded benchmarks on uniprocessor systems, and from 15% to 4% for coscheduled benchmarks on multicore systems while eliminating critical system-level problems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Keith Adams , Ole Agesen, A comparison of software and hardware techniques for x86 virtualization, Proceedings of the 12th international conference on Architectural support for programming languages and operating systems, October 21-25, 2006, San Jose, California, USA
	2	AMD. 2005. AMD64 Virtualization Codenamed Pacifica Technology: Secure Virtual Machine Architecture Reference Manual.
	3	Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	4	Luiz André Barroso , Kourosh Gharachorloo , Robert McNamara , Andreas Nowatzyk , Shaz Qadeer , Barton Sano , Scott Smith , Robert Stets , Ben Verghese, Piranha: a scalable architecture based on single-chip multiprocessing, Proceedings of the 27th annual international symposium on Computer architecture, p.282-293, June 2000, Vancouver, British Columbia, Canada
	5	FIPS Publication 180-1. 1995. Secure Hash Standard. National Institute of Standards and Technology, Federal Information Processing Standards.
	6	FIPS Publication 197. 2001. Specification for the Advanced Encryption Standard (AES). National Institute of Standards and Technology, Federal Information Processing Standards.
	7	Lan Gao , Jun Yang , Marek Chrobak , Youtao Zhang , San Nguyen , Hsien-Hsin S. Lee, A low-cost memory remapping scheme for address bus protection, Proceedings of the 15th international conference on Parallel architectures and compilation techniques, September 16-20, 2006, Seattle, Washington, USA [doi>10.1145/1152154.1152169]
	8	Garfinkel, T., Rosenblum, M., and Boneh, D. 2003. Flexible OS support and applications for trusted computing.
	9	Blaise Gassend , G. Edward Suh , Dwaine Clarke , Marten van Dijk , Srinivas Devadas, Caches and Hash Trees for Efficient Memory Integrity Verification, Proceedings of the 9th International Symposium on High-Performance Computer Architecture, p.295, February 08-12, 2003
	10	Gilmont, T., Legat, J.-D., and Quisquater, J.-J. 1999. Enhancing security in the memory management unit. In Proceedings of the 25th EuroMicro Conference. IEEE Computer Society, Los Alamitos, CA, 449--456.
	11	Steven M. Hand, Self-paging in the Nemesis operating system, Proceedings of the third symposium on Operating systems design and implementation, p.73-86, February 1999, New Orleans, Louisiana, United States
	12	Andrew bunnie Huang, The Trusted PC: Skin-Deep Security, Computer, v.35 n.10, p.103-105, October 2002 [doi>10.1109/MC.2002.1039525]
	13	Andrew Bunnie Huang, Hacking the Xbox: An Introduction to Reverse Engineering, No Starch Press, San Francisco, CA, 2003
	14	IBM. 2006. IBM Extends Enhanced Data Security to Consumer Electronics Products.
	15	Intel Corporation. 2005. Intel Virtualization Technology Specifications for the IA-32 Intel Architecture.
	16	Taeho Kgil , Laura Falk , Trevor Mudge, ChipLock: support for secure microarchitectures, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005 [doi>10.1145/1055626.1055644]
	17	H. Krawczyk , M. Bellare , R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC Editor, 1997
	18	Kumar, A. 2004. Discovering passwords in memory. White Paper, Paladion Networks, Mumbai, India.
	19	James Laudon , Lawrence Spracklen, The coming wave of multithreaded chip multiprocessors, International Journal of Parallel Programming, v.35 n.3, p.299-330, June 2007 [doi>10.1007/s10766-007-0033-6]
	20	David Lie , John Mitchell , Chandramohan A. Thekkath , Mark Horowitz, Specifying and Verifying Hardware for Tamper-Resistant Software, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.166, May 11-14, 2003
	21	David Lie Chandramohan Thekkath , Mark Mitchell , Patrick Lincoln , Dan Boneh , John Mitchell , Mark Horowitz, Architectural support for copy and tamper resistant software, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.168-177, November 2000, Cambridge, Massachusetts, United States
	22	Michael R. Marty , Mark D. Hill, Virtual hierarchies to support server consolidation, Proceedings of the 34th annual international symposium on Computer architecture, June 09-13, 2007, San Diego, California, USA
	23	Olukotun, K., Nayfeh, B. A., Hammond, L., Wilson, K., and Chang, K.-Y. 1996. The case for a single-chip multiprocessor. SIGOPS Operat. Syst. Rev. 30, 5, 2--11.
	24	Renau, J., Tuck, J., Ceze, L., Strauss, K., and Torellas, J. 2004. SESC. http://sesc.sourceforge.net.
	25	Brian Rogers , Siddhartha Chhabra , Milos Prvulovic , Yan Solihin, Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly, Proceedings of the 40th Annual IEEE/ACM International Symposium on Microarchitecture, p.183-196, December 01-05, 2007 [doi>10.1109/MICRO.2007.44]
	26	Brian Rogers , Milos Prvulovic , Yan Solihin, Efficient data protection for distributed shared memory multiprocessors, Proceedings of the 15th international conference on Parallel architectures and compilation techniques, September 16-20, 2006, Seattle, Washington, USA [doi>10.1145/1152154.1152170]
	27	Semiconductor, M. 2007 (last modification). DS5002FP Secure Microprocessor Chip.
	28	Weidong Shi , Hsien-Hsin S. Lee, Authentication Control Point and Its Implications For Secure Processor Design, Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, p.103-112, December 09-13, 2006 [doi>10.1109/MICRO.2006.11]
	29	Weidong Shi , Hsien-Hsin S. Lee , Mrinmoy Ghosh , Chenghuai Lu, Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems, Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques, p.123-134, September 29-October 03, 2004 [doi>10.1109/PACT.2004.8]
	30	Weidong Shi , Hsien-Hsin S. Lee , Mrinmoy Ghosh , Chenghuai Lu , Alexandra Boldyreva, High Efficiency Counter Mode Security Architecture via Prediction and Precomputation, ACM SIGARCH Computer Architecture News, v.33 n.2, p.14-24, May 2005
	31	Weidong Shi , Hsien-Hsin S. Lee , Chenghuai Lu , Mrinmoy Ghosh, Towards the issues in architectural support for protection of software execution, ACM SIGARCH Computer Architecture News, v.33 n.1, March 2005 [doi>10.1145/1055626.1055629]
	32	B. Sinharoy , R. N. Kalla , J. M. Tendler , R. J. Eickemeyer , J. B. Joyner, POWER5 System microarchitecture, IBM Journal of Research and Development, v.49 n.4/5, p.505-521, July 2005
	33	Standard Performance Evaluation Corporation. 2004. http://www.spec.org.
	34	G. Edward Suh , Dwaine Clarke , Blaise Gassend , Marten van Dijk , Srinivas Devadas, AEGIS: architecture for tamper-evident and tamper-resistant processing, Proceedings of the 17th annual international conference on Supercomputing, June 23-26, 2003, San Francisco, CA, USA [doi>10.1145/782814.782838]
	35	G. Edward Suh , Dwaine Clarke , Blaise Gassend , Marten van Dijk , Srinivas Devadas, Efficient Memory Integrity Verification and Encryption for Secure Processors, Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, p.339, December 03-05, 2003
	36	Carl A. Waldspurger, Memory resource management in VMware ESX server, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002 [doi>10.1145/844128.844146]
	37	Whitaker, A., Shaw, M., and Gribble, S. D. 2002. Denali: Lightweight virtual machines for distributed and networked applications. In Proceedings of the UNENIX Annual Technical Conference.
	38	Chenyu Yan , Daniel Englender , Milos Prvulovic , Brian Rogers , Yan Solihin, Improving Cost, Performance, and Security of Memory Encryption and Authentication, ACM SIGARCH Computer Architecture News, v.34 n.2, p.179-190, May 2006
	39	Jun Yang , Youtao Zhang , Lan Gao, Fast Secure Processor for Inhibiting Software Piracy and Tampering, Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, p.351, December 03-05, 2003
	40	Youtao Zhang , Lan Gao , Jun Yang , Xiangyu Zhang , Rajiv Gupta, SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors, Proceedings of the 11th International Symposium on High-Performance Computer Architecture, p.352-362, February 12-16, 2005 [doi>10.1109/HPCA.2005.31]
	41	Xiaotong Zhuang , Tao Zhang , Hsien-Hsin S. Lee , Santosh Pande, Hardware assisted control flow obfuscation for embedded processors, Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems, September 22-25, 2004, Washington DC, USA [doi>10.1145/1023833.1023873]
	42	Zhuang, X., Zhang, T., and Pande, S. 2004. Hide: An infrastructure for efficiently protecting information leakage on the address bus. SIGOPS Operat. Syst. Rev. 38, 5, 72--84.