Dissertation Details
Low-Overhead Designs for Secure Uniprocessor and Multiprocessor Architectures
Keywords: memory authentication; memory encryption; address independent seed encryption; bonsai merkle tree; secure processor architecture; secure DSM multiprocessor
Rogers, Brian Michael; Yan Solihin, Committee Chair; Gregory Byrd, Committee Member; Thomas Conte, Committee Member; Peng Ning, Committee Member; Milos Prvulovic, Committee Member
University: North Carolina State University
Others  :  https://repository.lib.ncsu.edu/bitstream/handle/1840.16/3283/etd.pdf?sequence=1&isAllowed=y
United States | English
【 Abstract 】

The security of computer systems is becoming a growing concern as the increasing ability and motivation of attackers continues to expand the types of attacks that exist to exploit a vast amount of digital information. In particular, new types of hardware-based attacks have become widespread in addition to the more traditional software attack methods. For example, a hardware attack may consist of utilizing a device to physically observe or tamper with sensitive information in a system. Such attacks are able to subvert software-only security measures, and as a result, computer researchers and designers have investigated hardware security solutions to address these concerns. In particular, secure processor architectures have been proposed as a way to prevent hardware-based attacks by cryptographically protecting the data and code executed in a system to ensure its privacy and integrity. Through such a level of protection, many important security issues may be addressed such as the prevention of the theft or tampering of critical data, prevention of reverse engineering of code, and protection from software piracy. In this dissertation, we propose and evaluate novel secure processor architectures for two broad types of system designs. First, for single processor chip systems, we propose a secure processor architecture based on the novel techniques of Address Independent Seed Encryption (AISE) and Bonsai Merkle Trees (BMT) for implementing memory encryption and integrity verification respectively. AISE is based on counter-mode encryption, and like prior counter-mode encryption schemes, it effectively hides cryptographic latencies from the critical path of off-chip data fetches. However, at the same time it eliminates significant security and system-level drawbacks associated with prior schemes such as the lack of support for virtual memory mechanisms and shared memory inter-process communication.
BMT is a novel Merkle Tree memory integrity verification approach which retains the strong security properties of standard Merkle Tree protection, but with a significant reduction in execution time overheads and memory storage overheads. Experimental results on the SPEC 2000 benchmarks show that BMTs reduce the overhead of Merkle Tree integrity verification in a secure processor from 12% to 2% on average. Second, we propose the first secure processor architectures designed specifically for protecting distributed shared memory (DSM) multiprocessors. DSM systems require not only protecting data communicated between a processor and its memory, but also data communicated between processors across the interconnection network. We present a security requirements analysis for protecting the privacy and integrity of code and data in a DSM system, and then propose three table-based hardware schemes to protect processor-processor data communication in a DSM, while leveraging uniprocessor-based approaches for protecting processor-memory data communication. After evaluating these schemes, we identify several performance and complexity drawbacks that are inherent in two-level schemes such as this which protect the two types of DSM communication with separate mechanisms. Thus, we propose an alternative, single-level DSM data protection scheme which leverages a single mechanism for protecting all off-chip DSM data transfers. Our experimental results show that this single-level scheme has an average overhead of only 1.6% across all SPLASH-2 benchmarks compared to a similar but unprotected DSM system.

【 Preview 】
Attachments
Files Size Format View
Low-Overhead Designs for Secure Uniprocessor and Multiprocessor Architectures 2135KB PDF download