Hardware Assistance for Trustworthy Systems Through 3-D-Integration
Authors
Valamehr, Jonathan
Tiwari, Mohit
Sherwood, Timothy
Kastner, Ryan
Date of Issue
2010-06-00
Publisher
Association for Computing Machinery (ACM)
Abstract
Hardware resources are abundant; state-of-the-art processors have over one billion transistors. Yet for a variety of reasons, specialized hardware functions for high assurance processing are seldom (i.e., a couple of features per vendor over twenty years) integrated into these commodity processors, despite a small flurry of recent additions (e.g., ARM TrustZone, Intel VT-x/VT-d and AMD-V/AMD-Vi, Intel TXT and AMD SVM, and Intel AES-NI). Furthermore, as chips increase in complexity, trustworthy processing of sensitive information can become increasingly difficult to achieve due to extensive on-chip resource sharing and the lack of corresponding protection mechanisms. In this paper, we introduce a method to enhance the security of commodity integrated circuits, using minor modifications, in conjunction with a separate integrated circuit that can provide monitoring, access control, and other useful security functions. We introduce a new architecture using a separate control plane, stacked using 3-D integration, that allows the function and economics of specialized security mechanisms, not available from a coprocessor alone, to be integrated with the underlying commodity computing hardware. We first describe a general methodology to modify the host computation plane by attaching an optional control plane using 3-D integration. In a developed example we show how this approach can increase system trustworthiness, mitigating the cache-based side channel problem by routing signals from the computation plane through a cache monitor in the 3-D control plane. We show that the overhead of our example application, in terms of area, delay and performance impact, is negligible.
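The abstract's developed example interposes a cache monitor on the signals between the computation plane and its cache to close the cache-based side channel. The simulation below is an added illustration, not code from the paper, and the monitor's policy is a hypothetical one chosen for the demo (it confines each security domain to its own cache ways); the page does not describe what the authors' control-plane monitor actually does. The cache geometry, the domain labels VICTIM/ATTACKER, and the addresses TABLE_BASE and ATTACKER_BASE are all constructed. It runs a prime+probe attack twice: once against the shared cache alone, where the attacker recovers which set the victim's secret-indexed lookup touched, and once through the interposed monitor, where the probe reveals nothing.

```python
"""Prime+probe against a shared LRU cache, with and without an interposed monitor.

Added illustration only: the partitioning policy is hypothetical and is not
the monitor design of the paper this page describes.
"""
from collections import OrderedDict

LINE = 64                 # bytes per cache line (constructed toy geometry)
NUM_SETS = 8
WAYS = 4
VICTIM, ATTACKER = 0, 1   # security domains (hypothetical labels)
TABLE_BASE = 0x10000      # victim's secret-indexed lookup table (constructed address)
ATTACKER_BASE = 0x20000   # attacker's eviction buffer (constructed address)


class Cache:
    """Set-associative LRU cache. Each set holds one or more partitions
    (OrderedDicts of tags); a plain shared cache uses a single partition."""

    def __init__(self, num_sets=NUM_SETS, ways=WAYS, line=LINE):
        self.num_sets, self.ways, self.line = num_sets, ways, line
        self.sets = [{} for _ in range(num_sets)]

    def access(self, addr, partition=0, capacity=None):
        """Return True on hit, False on miss; a miss fills the line with LRU eviction."""
        capacity = self.ways if capacity is None else capacity
        idx = (addr // self.line) % self.num_sets
        tag = addr // (self.line * self.num_sets)
        lines = self.sets[idx].setdefault(partition, OrderedDict())
        if tag in lines:
            lines.move_to_end(tag)        # refresh LRU position
            return True
        if len(lines) >= capacity:
            lines.popitem(last=False)     # evict least recently used line
        lines[tag] = None
        return False


class SharedPath:
    """Computation plane alone: every domain's accesses hit one shared cache."""

    def __init__(self, cache):
        self.cache = cache

    def access(self, addr, domain):
        return self.cache.access(addr)


class PartitioningMonitor:
    """Hypothetical control-plane monitor on the core-to-cache signals: each domain
    is confined to its own ways, so no domain can evict another domain's lines."""

    def __init__(self, cache, num_domains=2):
        self.cache = cache
        self.ways_per_domain = cache.ways // num_domains

    def access(self, addr, domain):
        return self.cache.access(addr, partition=domain, capacity=self.ways_per_domain)


def victim_lookup(path, secret):
    """Victim touches one table line selected by a secret byte (T-table style)."""
    path.access(TABLE_BASE + secret * LINE, VICTIM)


def attacker_lines(ways):
    """(set index, address) pairs that fill `ways` lines of every set with attacker tags."""
    for way in range(ways):
        for s in range(NUM_SETS):
            yield s, ATTACKER_BASE + (way * NUM_SETS + s) * LINE


def prime(path, ways):
    for _, addr in attacker_lines(ways):
        path.access(addr, ATTACKER)


def probe(path, ways):
    """Sets in which the attacker now misses: something else evicted its lines."""
    return {s for s, addr in attacker_lines(ways) if not path.access(addr, ATTACKER)}


def run_experiment(monitored, secret):
    """Return the set indices the attacker learns the victim touched."""
    cache = Cache()
    path = PartitioningMonitor(cache) if monitored else SharedPath(cache)
    # The attacker knows the geometry it can see, so it primes exactly that many ways.
    ways_visible = path.ways_per_domain if monitored else WAYS
    prime(path, ways_visible)
    victim_lookup(path, secret)
    return probe(path, ways_visible)


if __name__ == "__main__":
    secret = 0x2B
    print("shared cache, attacker observes sets:", run_experiment(False, secret),
          "(secret % NUM_SETS =", secret % NUM_SETS, ")")
    print("through monitor, attacker observes sets:", run_experiment(True, secret))
```

Against the shared cache the probe misses exactly in the set the victim's lookup indexed, so the low bits of the secret leak; with the monitor on the path, the victim's fill lands in its own partition and the attacker's probe hits everywhere. A real control-plane monitor would need to enforce this on the physical cache fill and replacement signals rather than on a Python dictionary, which is precisely the signal-routing the abstract describes.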
Type
Article
Department
Department of Electrical and Computer Engineering
Citation
Proceedings of the Annual Computer Security Applications Conference (ACSAC), ACM, Austin, Texas, December 6, 2010, pp. 1-12.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.