A high-performance, low-overhead microarchitecture for secure program execution

A. Kanuparthi, R. Karri, Gaston Ormazabal, Sateesh Addepalli
{"title":"A high-performance, low-overhead microarchitecture for secure program execution","authors":"A. Kanuparthi, R. Karri, Gaston Ormazabal, Sateesh Addepalli","doi":"10.1109/ICCD.2012.6378624","DOIUrl":null,"url":null,"abstract":"High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.","PeriodicalId":313428,"journal":{"name":"2012 IEEE 30th International Conference on Computer Design (ICCD)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 30th International Conference on Computer Design (ICCD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCD.2012.6378624","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18

Abstract

High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.
用于安全程序执行的高性能、低开销的微体系结构
高性能和低功耗历来是计算机架构师的主要设计目标。随着计算机系统面临着破坏其正常运行或泄露敏感数据的攻击浪潮,计算机安全不再是事后的想法。动态完整性检查已经成为一种可能的解决方案,可以通过阻止各种攻击来保护计算机系统。动态完整性检查包括计算正在执行的代码中指令的哈希值,并在运行时将这些哈希值与相应的预先计算的哈希值进行比较。处理器管道被停止,指令在完整性检查完成之前不允许提交。这种方法具有严重的性能影响,因为它会使管道停滞几个周期。在本文中,我们提出了一种基于硬件的动态完整性检查方法,该方法不会使处理器管道停滞。我们允许在完整性检查完成之前提交指令,并允许它们对寄存器文件进行更改,但不允许对数据缓存进行更改。如果检查器认为指令被修改,系统将回滚到已知状态。我们的实验表明,与基准处理器相比,平均性能开销为1.66%,面积开销为4.25%,功耗开销为2.45%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信