Abstract |
---|
Hardware resources are abundant; state-of-the-art processors have over one billion transistors. Yet for a variety of reasons, specialized hardware functions for high assurance processing are seldom (i.e., a couple of features per vendor over twenty years) integrated into these commodity processors, despite a small flurry of late (e.g., ARM TrustZone, Intel VT-x/VT-d and AMD-V/AMD-Vi, Intel TXT and AMD SVM, and Intel AES-NI). Furthermore, as chips increase in complexity, trustworthy processing of sensitive information can become increasingly difficult to achieve due to extensive on-chip resource sharing and the lack of corresponding protection mechanisms. In this paper, we introduce a method to enhance the security of commodity integrated circuits, using minor modifications, in conjunction with a separate integrated circuit that can provide monitoring, access control, and other useful security functions. We introduce a new architecture using a separate control plane, stacked using 3-D integration, that allows for the function and economics of specialized security mechanisms, not available from a co-processor alone, to be integrated with the underlying commodity computing hardware. We first describe a general methodology to modify the host computation plane by attaching an optional control plane using 3-D integration. In a developed example we show how this approach can increase system trustworthiness, through mitigating the cache-based side channel problem by routing signals from the computation plane through a cache monitor in the 3-D control plane. We show that the overhead of our example application, in terms of area, delay and performance impact, is negligible. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1145/1920261.1920292 | ACSAC |
Keywords | Field | DocType |
---|---|---|
commodity integrated circuit, separate integrated circuit, trustworthy system, intel txt, host computation plane, optional control plane, intel aes-ni, computation plane, 3-d integration, access control, hardware assistance, 3-d control plane, separate control plane, integrated circuit, resource sharing, chip, cross site scripting, information processing, integrated circuits, information security | Information assurance, Computer security, Cache, Computer science, Real-time computing, Side channel attack, Computer hardware, Integrated circuit, Commodity computing, Information security, Access control, Shared resource, Embedded system | Conference |
Citations | PageRank | References |
---|---|---|
8 | 0.58 | 15 |
Authors |
---|
7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jonathan Valamehr | 1 | 89 | 5.20 |
Mohit Tiwari | 2 | 445 | 23.94 |
Timothy Sherwood | 3 | 1921 | 123.28 |
Ryan Kastner | 4 | 1779 | 147.73 |
Ted Huffmire | 5 | 204 | 11.80 |
Cynthia Irvine | 6 | 167 | 19.58 |
Timothy Levin | 7 | 165 | 10.38 |