Energy-secure computer architectures

Modern processor chips and associated systems are generally equipped with dynamic power managers. These are implemented as sense-control-and-actuate feedback control systems. In response to sensed metrics of power and/or performance, the controller tries to actuate control knobs (e.g. voltage and/or frequency) in order to make sure that some target metric (e.g. power consumption or a power-performance efficiency metric) tracks a set (reference) value as closely as feasible. This scenario is true even if the system does not have a dedicated, firmware-driven microcontroller to aid in such dynamic resource management. Some systems may have hardwired control logic to effect the same or similar feedback control algorithm. Regardless of how it is implemented, such a dynamic, feedback control system can be “fooled” into an inappropriate (or wrong) state or action - under certain conditions or properties of the workload. The workload conditions to trigger such undesirable actions may occur spontaneously (without user intent), or they may be a result of malicious intent. Regardless of intent, such “virus” workloads are of concern, because they can make the system unstable or even cause a large power overrun (or performance shortfall). In an extreme scenario, the system may incur permanent damage, requiring expensive repair. In this talk, we look at specific examples of such potential reliability-cum-security “holes” in current power-managed systems. We then propose system-level mitigation approaches to combat this problem. The underlying system architectural solution strategies are referred to here as “Energy-Secure System Architectures” (ESSA).