TrustGeM: Dynamic trusted environment generation for chip-multiprocessors

Abstract

Embedded system security challenges have been exacerbated by the complexity inherent in the software stack of next generation handheld devices (internet connectivity, app stores, mobile banking, etc.) and the aggressive push for multicore technology. As applications with different degrees of assurance are deployed on these multiprocessor platforms, new challenges emerge in terms of protection against software based side channel attacks and exploits such as buffer overruns. In this paper, we introduce TrustGeM: a dynamic trusted environment generation engine for chip-multiprocessors. TrustGeM's goal is to dynamically generate trusted execution environments for applications with different assurance requirements. TrustGeM exploits the concepts of application driven policy generation, performance/power-aware on-chip application sandboxing, and reliable, secure, and dynamic memory virtualization. Experimental results on an 8 Core CMP show that TrustGeM is able reduce overall system energy by an average 24% due to its memory utilization efficiency while incurring minimal performance overhead over the ideal case (an average of 5%). TrustGeM is also able to generate policies with much smaller memory requirements allowing the dynamic trusted environment generation to enforce the policies much more efficiently.