DEV-PIM:内存处理的动态执行验证

Alper Bolat, Yahya Can Tugrul, Seyyid Hikmet Çelik, S. Sezer, M. Ottavi, O. Ergin
{"title":"DEV-PIM:内存处理的动态执行验证","authors":"Alper Bolat, Yahya Can Tugrul, Seyyid Hikmet Çelik, S. Sezer, M. Ottavi, O. Ergin","doi":"10.1109/ETS56758.2023.10174063","DOIUrl":null,"url":null,"abstract":"Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC’s fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processing-in-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.","PeriodicalId":211522,"journal":{"name":"2023 IEEE European Test Symposium (ETS)","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DEV-PIM: Dynamic Execution Validation with Processing-in-Memory\",\"authors\":\"Alper Bolat, Yahya Can Tugrul, Seyyid Hikmet Çelik, S. Sezer, M. Ottavi, O. Ergin\",\"doi\":\"10.1109/ETS56758.2023.10174063\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC’s fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processing-in-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.\",\"PeriodicalId\":211522,\"journal\":{\"name\":\"2023 IEEE European Test Symposium (ETS)\",\"volume\":\"2016 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE European Test Symposium (ETS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ETS56758.2023.10174063\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE European Test Symposium (ETS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ETS56758.2023.10174063","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

CPU执行过程中的指令注入或软错误会导致严重的系统漏洞。在处理器的标准程序流程中,注入未经授权的指令或在预期指令中出现错误是潜在严重漏洞的主要条件。通过执行这些未经授权的指令,攻击者可以利用SoC并执行他们自己的恶意程序或在系统上获得更高级别的权限。另一方面,非故意错误可能会破坏程序,导致意外执行或导致程序崩溃。现代可信架构提出了在SoC上未经授权执行的解决方案,在相同的不可信SoC上使用额外的软件机制或额外的硬件逻辑。然而,只要部署的安全检测机制嵌入到相同的SoC结构中,这些SoC仍然容易受到攻击。此外,SoC上的验证机制增加了SoC的复杂性和功耗。本文提出了一种新的、高性能的、低成本的运行验证机制DEV-PIM。该方法利用标准DRAM设备上的基本计算资源,采用内存处理(PIM)方法检测指令注入或损坏指令。DEV-PIM将计划在CPU上执行的指令传输到DRAM,并通过使用PIM操作将内容与DRAM上的可信程序记录进行比较来验证它们。通过优化DRAM调度过程,验证任务仅在内存访问空闲时执行。CPU保持不间断的内存访问,可以继续其正常的程序流而不会受到惩罚。我们在端到端内存兼容环境中评估DEV-PIM,并运行一组软件基准测试。平均而言,所提出的架构能够检测98.46%的指令注入以进行不同的验证。我们还测量了在启用DEV-PIM时平均只有0.346%的CPU执行开销。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
DEV-PIM: Dynamic Execution Validation with Processing-in-Memory
Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC’s fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processing-in-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信