{"title":"Secure High-Performance Computer Architectures: Challenges and Opportunities","authors":"S. Devadas","doi":"10.1109/HiPC.2018.00038","DOIUrl":null,"url":null,"abstract":"Recent work has shown that architectural isolation can be violated through software side channel attacks that exploit microarchitectural performance optimizations such as speculation to leak secrets. While turning off microarchitectural optimizations can preclude some classes of attacks, we argue that performance and security do not have to be in conflict, provided processors are designed with security in mind. We espouse a principled approach to eliminating entire attack surfaces through microarchitectural isolation, rather than plugging attack-specific privacy leaks. We argue that minimal modifications to hardware can defend against all currently-practical side channel attacks without significant performance impact. As an application of this approach, we describe the Sanctum processor architecture, which offers strong provable isolation of software modules running concurrently and sharing resources, and Sanctoom, a speculative, out-of-order variant with similar properties. These processors provide isolation even when large parts of the operating system are compromised, and their open-source implementations allow security properties to be independently verified. Biography: Srini Devadas is the Webster Professor of EECS at MIT, where he has been on the faculty since 1988. His current research interests are in computer security, computer architecture and applied cryptography. Devadas received the 2017 IEEE W. Wallace McDowell Award and the 2018 IEEE Charles A. Desoer Technical Achievement Award for his research in secure hardware. He is the author of “Programming for the Puzzled” (MIT Press, 2017), a book that builds a bridge between the recreational world of algorithmic puzzles and the pragmatic world of computer programming, teaching readers to program while solving puzzles. Devadas is a MacVicar Faculty Fellow and a recipient of the Everett Moore Baker and Bose awards, considered MIT’s highest teaching honors.","PeriodicalId":113335,"journal":{"name":"2018 IEEE 25th International Conference on High Performance Computing (HiPC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 25th International Conference on High Performance Computing (HiPC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HiPC.2018.00038","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Recent work has shown that architectural isolation can be violated through software side channel attacks that exploit microarchitectural performance optimizations such as speculation to leak secrets. While turning off microarchitectural optimizations can preclude some classes of attacks, we argue that performance and security do not have to be in conflict, provided processors are designed with security in mind. We espouse a principled approach to eliminating entire attack surfaces through microarchitectural isolation, rather than plugging attack-specific privacy leaks. We argue that minimal modifications to hardware can defend against all currently-practical side channel attacks without significant performance impact. As an application of this approach, we describe the Sanctum processor architecture, which offers strong provable isolation of software modules running concurrently and sharing resources, and Sanctoom, a speculative, out-of-order variant with similar properties. These processors provide isolation even when large parts of the operating system are compromised, and their open-source implementations allow security properties to be independently verified.

Biography

Srini Devadas is the Webster Professor of EECS at MIT, where he has been on the faculty since 1988. His current research interests are in computer security, computer architecture and applied cryptography. Devadas received the 2017 IEEE W. Wallace McDowell Award and the 2018 IEEE Charles A. Desoer Technical Achievement Award for his research in secure hardware. He is the author of “Programming for the Puzzled” (MIT Press, 2017), a book that builds a bridge between the recreational world of algorithmic puzzles and the pragmatic world of computer programming, teaching readers to program while solving puzzles. Devadas is a MacVicar Faculty Fellow and a recipient of the Everett Moore Baker and Bose awards, considered MIT’s highest teaching honors.
2018 IEEE 25th International Conference on High Performance Computing (HiPC), DOI 10.1109/HiPC.2018.00038