ASM: An Adaptive Secure Multicore for Co-located Mutually Distrusting Processes

IF 1.5 3区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

ACM Transactions on Architecture and Code Optimization Pub Date : 2023-07-19 DOI:https://dl.acm.org/doi/10.1145/3587480

Abdul Rasheed Sahni, Hamza Omar, Usman Ali, Omer Khan

{"title":"ASM: An Adaptive Secure Multicore for Co-located Mutually Distrusting Processes","authors":"Abdul Rasheed Sahni, Hamza Omar, Usman Ali, Omer Khan","doi":"https://dl.acm.org/doi/10.1145/3587480","DOIUrl":null,"url":null,"abstract":"<p>With the ever-increasing virtualization of software and hardware, the privacy of user-sensitive data is a fundamental concern in computation outsourcing. Secure processors enable a trusted execution environment to guarantee security properties based on the principles of isolation, sealing, and integrity. However, the shared hardware resources within the microarchitecture are increasingly being used by co-located adversarial software to create timing-based side-channel attacks. State-of-the-art secure processors implement the <i>strong isolation</i> primitive to enable non-interference for shared hardware but suffer from frequent state purging and resource utilization overheads, leading to degraded performance. This article proposes <sans-serif>ASM</sans-serif>, an adaptive secure multicore architecture that enables a reconfigurable, yet strongly isolated execution environment. For outsourced security-critical processes, the proposed security kernel and hardware extensions allow either a given process to execute using all available cores or co-execute multiple processes on strongly isolated clusters of cores. This spatio-temporal execution environment is configured based on resource demands of processes, such that the secure processor mitigates state purging overheads and maximizes hardware resource utilization.</p>","PeriodicalId":50920,"journal":{"name":"ACM Transactions on Architecture and Code Optimization","volume":"19 1","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2023-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Architecture and Code Optimization","FirstCategoryId":"94","ListUrlMain":"https://doi.org/https://dl.acm.org/doi/10.1145/3587480","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the ever-increasing virtualization of software and hardware, the privacy of user-sensitive data is a fundamental concern in computation outsourcing. Secure processors enable a trusted execution environment to guarantee security properties based on the principles of isolation, sealing, and integrity. However, the shared hardware resources within the microarchitecture are increasingly being used by co-located adversarial software to create timing-based side-channel attacks. State-of-the-art secure processors implement the strong isolation primitive to enable non-interference for shared hardware but suffer from frequent state purging and resource utilization overheads, leading to degraded performance. This article proposes ASM, an adaptive secure multicore architecture that enables a reconfigurable, yet strongly isolated execution environment. For outsourced security-critical processes, the proposed security kernel and hardware extensions allow either a given process to execute using all available cores or co-execute multiple processes on strongly isolated clusters of cores. This spatio-temporal execution environment is configured based on resource demands of processes, such that the secure processor mitigates state purging overheads and maximizes hardware resource utilization.

查看原文本刊更多论文

ASM:一种自适应安全多核共存的互不信任进程

随着软件和硬件虚拟化程度的不断提高，用户敏感数据的隐私是计算外包的一个基本问题。安全处理器支持可信的执行环境，以保证基于隔离、密封和完整性原则的安全属性。然而，微架构内的共享硬件资源正越来越多地被位于同一位置的对抗软件用于创建基于时序的侧信道攻击。最先进的安全处理器实现了强隔离原语，使共享硬件不受干扰，但会遭受频繁的状态清除和资源利用开销，从而导致性能下降。本文提出了ASM，这是一种自适应的安全多核体系结构，它支持可重构但又高度隔离的执行环境。对于外包的安全关键流程，建议的安全内核和硬件扩展允许使用所有可用的内核执行给定的进程，或者在高度隔离的内核集群上共同执行多个进程。这种时空执行环境是根据进程的资源需求配置的，这样安全处理器就可以减少状态清除开销并最大化硬件资源利用率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Architecture and Code Optimization 工程技术-计算机：理论方法

CiteScore

3.60

自引率

6.20%

发文量

审稿时长

6-12 weeks

期刊介绍： ACM Transactions on Architecture and Code Optimization (TACO) focuses on hardware, software, and system research spanning the fields of computer architecture and code optimization. Articles that appear in TACO will either present new techniques and concepts or report on experiences and experiments with actual systems. Insights useful to architects, hardware or software developers, designers, builders, and users will be emphasized.