High-assurance system support through 3-D integration
Download
Author
Huffmire, Theodore
Levin, Tim
Irvine, Cynthia
Nguyen, Thuy
Valamehr, Jonathan
Kastner, Ryan
Sherwood, Tim
Date
2007-11-09Metadata
Show full item recordAbstract
While hardware resources, in the form of both transistors and full microprocessor cores, are now fairly abundant, economic factors continue to prevent the integration into commodity parts of specialized hardware mechanisms required for secure processing. Multi-core processors, due to their wide adoption, impressive performance, and low cost, are very attractive platforms for computation. Unfortunately, highly secure processing of sensitive information on such platforms is extremely difficult to achieve due to extensive resource sharing and the lack of strong security primitives. In this paper we propose that commodity integrated circuits, with some very minor modifications, could be enhanced with a separate silicon layer used to enforce strong isolation, reference monitoring, and other useful security properties. A separate layer, stacked using 3-D integration, allows us to decouple the function and economics of high assurance policy enforcement mechanisms from the underlying high-performance computing hardware. We describe 3-D integration, how the host layer may be modified, and as our working example, we show how the problem of cache-based side channels can be addressed by re-routing signals from the computation layer through a cache manager in the control layer.