Series
CERCS Technical Report Series
CERCS Technical Report Series
Permanent Link
Series Type
Publication Series
Description
Associated Organization(s)
Associated Organization(s)
Organizational Unit
Publication Search Results
Now showing
1 - 3 of 3
-
ItemHigh Speed Memory Centric Protection on Software Execution Using One-Time-Pad Prediction(Georgia Institute of Technology, 2004-07-23) Shi, Weidong ; Lee, Hsien-Hsin Sean ; Lu, Chenghuai ; Ghosh, MrinmoyThis paper presents a new security model for protecting software confidentiality. Different from the previous process-centric systems designed for the same purpose, the new model ties cryptographic properties and security attributes to memory instead of a user process. The advantages of such memory centric design over the previous process-centric design are two folds. First, it provides a better security model and access control on software confidentiality that supports both selective and mixed software encryption. Second, the new model supports and facilitates information sharing in an open software system where both confidential data and code could be shared by different user processes without unnecessary duplication as required by the process-centric approach. Furthermore, the paper addresses the latency issue of executing one-time-pad (OTP) encrypted software through a novel OTP prediction technique. One-time-pad based protection schemes on data confidentiality can improve performance over block-cipher based protection approaches by parallelizing data fetch and OTP generation when a sequence number associated with a missing cache block is cached on-chip. On a sequence number cache miss, OTP generation can not be started until the missing sequence number is fetched from the memory. Since the latency of OTP generation is in the magnitude of the order of hundreds of core CPU cycles, it becomes performance critical to have OTP ready as soon as possible. OTP prediction meets this challenge by using idle decryption engine cycles to speculatively compute OTPs for memory blocks whose sequence number are missing in the cache. Profiling and simulation results show that significant performance improvement using speculative OTP over regular OTP under both small 4KB and large sequence number cache settings 32KB due to the capability of speculative OTP technique to reduce misses on sequence number. The performance improvement is in the range from 15% to 25% for seven SPEC2000 benchmarks. The new access control protection and OTP prediction scheme requires only small amount of additional hardware resources over the existing proposed tamper resistant system but with greatly improved performance, protection, flexibility, and inter-operability.
-
ItemArchitecture Support for High Speed Protection of Memory Integrity and Confidentiality in Symmetric Multiprocessor Systems(Georgia Institute of Technology, 2004-06-01) Shi, Weidong ; Lee, Hsien-Hsin Sean ; Ghosh, Mrinmoy ; Lu, Chenghuai ; Zhang, TaoRecently there is a growing interest in both the architecture and the security community to create a hardware based solution for authenticating system memory. As shown in the previous work, such silicon based memory authentication could become a vital component for creating future trusted computing environments and digital rights protection. Almost all the published work have focused on authenticating memory that is exclusively owned by one processing unit. However, in today's computing platforms, memory is often shared by multiple processing units which support shared system memory and snoop bus based memory coherence. Authenticating shared memory is a new challenge to memory protection. In this paper, we present a secure and fast architecture solution for authenticating shared memory. In terms of incorporating memory authentication into the processor pipeline, we proposed a new scheme called Authentication Speculative Execution. Unlike the previous approach for hiding or tolerating latency of memory authentication, our scheme does not trades security for performance. The novel ASE scheme is both secure to be combined with one-time-pad (OTP) based memory encryption and efficient to tolerate authentication latency. Results using modified rsim and splash2 benchmarks show only 5% overhead in performance on dual and quad processor platforms. Furthermore, ASE shows 80% performance advantage on average over conservative non-speculative execution based authentication. The scheme is of practical use for both symmetric multiprocessor systems and uni-processor systems where memory is shared by the main processor and other co-processors attached to the system bus.
-
ItemTowards the Issues in Architectural Support for Protection of Software Execution(Georgia Institute of Technology, 2004) Shi, Weidong ; Lee, Hsien-Hsin Sean ; Lu, Chenghuai ; Ghosh, MrinmoyRecently, there is a growing interest in the research community to employ tamper-resistant processors for software protection. Many of these proposed systems rely on a specially tailored secure processor to prevent 1) illegal software duplication, 2) unauthorized software modification, and 3) unauthorized software reverse engineering. Most of these works primarily focus on the feasibility demonstration and design details rather than trying to elucidate many fundamental issues that are either ``elusive'' or ``confusing'' to the architecture researchers. Furthermore, many proposed systems have been built on assumptions whose security implications have not been well studied or understood. Instead of proposing yet another new secure architecture model, in this paper, we will try to answer some of these fundamental questions with respect to using hardware-based cryptography for protecting software execution. Those issues include, 1) Is hardware cryptography necessary? 2) Is per-process single cryptography key enough to provide the flexibility, inter-operability, and compatibility required by today's complex software system? 3) Is OTP (one-time-pad) in combination with ``lazy" authentication secure enough to protect software confidentiality? 4) Is there way to protect software integrity using less hardware resource? Finally, the paper defines the difference between off-line and on-line attacks and presents a very low overhead security enhancement technique that can improve protection on software integrity over on-line attacks by several magnitudes.