Presentation is loading. Please wait.

Presentation is loading. Please wait.

Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Proposal, UC Santa Barbara May 10, 2012 Committee:

Published byBrian Lindsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Proposal, UC Santa Barbara May 10, 2012 Committee:"— Presentation transcript:

1 Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Proposal, UC Santa Barbara May 10, 2012 Committee: Prof. Timothy Sherwood (chair) Prof. Fred Chong Prof. Peter Michael Meliar-Smith Prof. Theodore Huffmire 1

2  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 2 Modern Microprocessors Intro/Motivation Commercial Processors (high speed) High Assurance Processors (secure)  Commercial CPU tradeoffs:  Performance  Power  Area  Cost  Security is often ignored or overlooked

3  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 3 Modern Microprocessors  Flurry of hardware attacks  Side channel attacks (Kocher 1996, Percival 2005, Bernstein 2005)  Power draw (Kocher et al. 1999, Jasper 2011)  EM analysis (Gandolfi et al. 2001, Agrawal et al. 2002)  Physical tamper  Memory remanence (Soden et al. 1995, Halderman et al. 2008) Intro/Motivation

4  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 4 Modern Microprocessors Intro/Motivation High Assurance Processors (secure)  High Assurance CPUs  Small market share  High development costs  Time-consuming to design  Commercial hardware still outperforms by 100x (and growing…)

5  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 5 Modern Microprocessors Intro/Motivation Commercial Processors (high speed) High Assurance Processors (secure) The solution

6  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 6 Thesis Statement  The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors, including the use of 3D Integration, resulting in secure processors that retain high performance. Intro/Motivation

7  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 7 Outline  Intro/Motivation  3D Security  3D Crypto  Work in Progress  Timeline  Conclusion 3D-Security

8  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 8 3D-Sec: Current Trends  Ideal: Fast and affordable high assurance systems  Resilient against attacks  Low cost  High performance 3D-Security

9  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 9 New Technology – 3D Integration  3D Integration  2 or more dies stacked as one system  Foundry level option Base Processor Second die 3D-Security

10  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 10 3D-Sec: Idea  Past Work: 3D Passive Monitors (Mysore et al. 2006)  Analyze data from base processor  Our Contribution – 3D Active Monitors (Valamehr et al. 2010)  Information flow control  Arbitration of communication  Partitioning of resources 3D-Security

11  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 11 3D-Sec: Idea  Benefits with 3D Integration 3D-Security Security ArchitecturePerformanceAccess to internal signals Security separate Off-chip coprocessor LowNoYes On-chip HighYesNo 3D layer HighYes

12  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 12 3D-Sec: Idea  Challenge  Normal operation if 3D layer absent  Security functions if 3D layer present 3D-Security

13  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 13 3D Security Layer – Circuit Level Primitives  Circuit-level primitives for an active monitor (a) Tapping (b) Re-routing(c) Overriding(d) Disabling = 3D layer connections= Signal flow 3D-Security

14  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 14 3D Security Layer – Tapping  Tapping sends requested signal to the 3-D control plane Tapping 3D-Security

15  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 15 3D Security Layer – Disabling  Disabling effectively blocks the transmission of signals Disabling 3D-Security X

16  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 16 3D Security Layer – Disabling  Theoretical 3-D Application: Mutual Trust Shared Bus Protocols Shared L2 $ Core 1 L1 $ Core 0 L1 $ Shared Bus = Post to the 3-D control plane = Signal flow...… 3D-Security

17  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 17 3D Security Layer – Re-routing  Re-routing sends requested signals to 3-D plane, and blocks their original transmission Re-routing 3D-Security X

18  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 18 3D Security Layer – Re-routing  Theoretical 3-D Application: Crypto Co-processor Standard Execution Pipeline AES 3-D Control Plane 1. Crypto Instruction2. Result Reg File L1 $ Crypto Control Unit 1. 2. Computation Plane RSADES …… …… 3D-Security INST

19  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 19 3D Security Layer – Overriding  Overriding blocks transmission of signal, while simultaneously injecting a new value Overriding 3D-Security

20  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion  Gate-level primitives 20 3D Security Layer – Gate Level Primitives 3D-Security in out in out in out in out Tapping Rerouting Disabling Overriding

21  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 21 3D Security Layer – General Primitive  General primitive 3D-Security

22  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 22 3D Security  Area overhead of general primitive(s) 3D-Security DesignArea of design (90nm Library Area Units) 1 General Primitive84.1 128 General Primitives10764.8 5-Stage MIPS Pipelined Processor240,000 4.5% increase

23  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 23 Background – Side-Channel Attacks  Access-driven cache attack (Percival 2005) Victim Process Shared Cache Attacker Process 3D-Security

24  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 24 3D Security Layer – Example Application  3-D Cache Eviction Monitor  Keep trusted process cache lines locked  Maintain secrecy of the private key 3D-Security

25  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 25 3D Security Layer – Example Application  3D Cache Eviction Monitor 3D-Security

26  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 26 3D Security Layer – Example Application  Cache Performance 3D-Security

27  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 27 Outline  Intro/Motivation  3D Security  3D Crypto  Work in Progress  Timeline  Conclusion 3D-Crypto

28  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 28 3D Crypto - Motivation  Current Crypto Co-processors  Off-die co-processor, or utilizing core in CMPs  Prone to tamper, vulnerable to side-channels  Lower performance  Ideal Crypto Co-processors  High integrity of data being processed  Tamper-proof and immune to attacks  High performance 3D-Crypto

29  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 29 3D Crypto Co-processor Main Processor Crypto Co-processor 3D-Crypto

30  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 30 3D Crypto – Security Ramifications  Threat Models (Valamehr et al. 2011)  Physical tamper  Memory remanence  Access-driven cache side-channel attacks  Time-driven cache side-channel attacks  Fault analysis  Electromagnetic analysis  Power analysis  Thermal analysis 3D-Crypto

31  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 31 3D Crypto – Future work 3D-Crypto  Potential cost savings with 3D  Use of older technologies  Relationship between:  Performance  Power  Cost

32  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 32 Outline  Intro/Motivation  3D Security  3D Crypto  Work in Progress  Timeline  Conclusion Work in Progress

33  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 33 MACS – MicroArchitectural Context Switches Shared L2 $ L1 $ VM 1 L1 $ VM 2 L1 $ VM 3 L1 $ Old VM New VM BP Work in Progress  Trends  Multiple VMs on same chip  Idle cores are utilized  Problems that arise  Side-channels  Data remanence

34  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 34 MACS – Initial Experiment  State clearing sensitivity  Simplescalar simulator  Implemented “Clear” function  Clear L1 and L2 caches every X cycles  SPEC2K benchmarks  How much is performance affected? Work in Progress

35  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 35 MACS – Simulation Parameters  Single superscalar processor  Modeled after AMD Shanghai CPU  64KB L1 I-cache  64KB L1 D-cache  512KB L2 cache Work in Progress

36  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 36 MACS – Simulations Work in Progress

37  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 37 MACS – Simulations Work in Progress

38  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 38 MACS – Potential Directions  Is clearing enough?  Do we need to pack/unpack?  Best way to clear lots of state?  More frequent switching applications  Fine-grain VMs  Mobile devices  Real-time systems Work in Progress

39  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 39 3D Extensible ISAs - Idea  3D layer that implements new instructions  Connects to control unit on existing processor  May have new functional units  Extends the ISA of processor  Allows reuse of fast processor  Examples  Multimedia  Crypto Work in Progress

40  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 40 3D Extensible ISAs - Approach  Design Control unit with free opcodes  Set aside a set of opcodes as available – NoOPs on base layer  Make every instruction explicit with controls – Any instruction not specified will be a NoOP  Find hook points  What data does the 3D layer need?  Which signals does the 3D need to change? Work in Progress

41  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 41 3D Extensible ISAs – Hook Points Base Layer Control unit Read opcode and register addresses (Tap) If opcode isn’t covered: NoOP Read register values if shared with 3-D layer (Tap) Replace data (Override) Work in Progress

42  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 42 3D Extensible ISAs – Implementation  How to connect modules  On a fabbed chip, use 3D primitives  In HDL, use gate-level primitives Tap Re-route Overwrite Work in Progress

43  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 43 3D Extensible ISAs – To do list  Integrate Simple CPU with AES/ECC  Find hook points  Figure out connection logic  Figure out timing issues  Crypto instructions into benchmarks  Insert them into benchmarks as assembly  Compile  Run through processor/crypto combo Work in Progress

44  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 44 Outline  Intro/Motivation  3D Security  3D Crypto  Work in Progress  Timeline  Conclusion Timeline

45  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 45 Timeline  Spring 2012  3D-Crypto  3D-Extensible ISAs  Fall 2012  3D-Extensible ISAs  MACS  Another project  Winter/Spring 2013  Thesis  Defense Timeline

46  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 46 Outline  Intro/Motivation  3D Security  3D Crypto  Work in Progress  Timeline  Conclusion Timeline

47  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 47 Publications Conclusion Inspection Resistant Memory: Architectural Support for Security from Physical Examination Jonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, Seny Kamara, Vinod Vaikuntanathan, and Timothy Sherwood. Proceedings of the International Symposium of Computer Architecture. (ISCA), June 2012. Portland, Oregon. Inspection Resistant Memory: Architectural Support for Security from Physical Examination A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors Jonathan Valamehr, Ted Huffmire, Cynthia Irvine, Ryan Kastner, Cetin Kaya Koc, Timothy Levin, and Timothy Sherwood. Festschrift Jean- Jacques Quisquater, to appear, D. Naccache, editor, LNCS Nr. 6805, Springer, 2011. A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security Mohit Tiwari, Jason Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T Chong, and Timothy Sherwood. in Proceedings of the International Symposium of Computer Architecture (ISCA), June 2011. San Jose, CA. Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security Hardware Assistance for Trustworthy Systems through 3-D Integration Jonathan Valamehr, Mohit Tiwari, and Timothy Sherwood, Ryan Kastner, Ted Huffmire, Cynthia Irvine and Timothy Levin. Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2010. Austin, Texas. Hardware Assistance for Trustworthy Systems through 3-D Integration Hardware Trust Implications of 3-D Integration Ted Huffmire, Timothy Levin, Michael Bilzor, Cynthia Irvine, Jonathan Valamehr, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner. Workshop on Embedded Systems Security (WESS), October 2010. Scottsdale, Arizona. Hardware Trust Implications of 3-D Integration A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow Tags Mohit Tiwari, Banit Agrawal, Shashidhar Mysore, Jonathan Valamehr, and Timothy Sherwood. Proceedings of the International Symposium on Microarchitecture (Micro), November 2008. Lake Como, Italy. A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow Tags Designing Secure Systems on Reconfigurable Hardware Ted Huffmire, Brett Brotherton, Nick Callegari, Jonathan Valamehr, Jeff White, Ryan Kastner, and Tim Sherwood. ACM Transactions on Design Automation of Electronic Systems (TODAES) Vol 13 No 3, July 2008. Designing Secure Systems on Reconfigurable Hardware Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire, Jonathan Valamehr, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy D. Nguyen, and Cynthia Irvine. Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2008) June 2008. Anaheim, CA. Trustworthy System Security through 3-D Integrated Hardware High-Assurance System Support through 3-D Integration Theodore Huffmire, Tim Levin, Cynthia Irvine, Thuy Nguyen, Jonathan Valamehr, Ryan Kastner, and Tim Sherwood. NPS Technical Report NPS-CS-07-016, November 2007. High-Assurance System Support through 3-D Integration

48  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 48 Publications Conclusion Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Hassan Wassel, Daoxin Dai, Luke Theogarajan, Jennifer Dionne, Mohit Tiwari, Jonathan Valamehr, Frederic Chong, and Timothy Sherwood. IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS) To appear Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Towards Chip-Scale Plasmonic Interconnects Hassan M. G. Wassel, Mohit Tiwari, Jonathan Valamehr, Luke Theogarajan, Jennifer Dionne, Frederic T. Chong, and Timothy Sherwood. Workshop on the Interaction between Nanophotonic Devices and Systems (WINDS) December 2010. Atlanta, Georgia. Towards Chip-Scale Plasmonic Interconnects

49  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 49 Acknowledgements Conclusion  Labmates  Committee members  Collaborators at NPS, UCSD, MSR, GA Tech  Janet Kayfetz

50 3-D Security 50 Thank you!

51  Intro/Motivation  3D-Security  3D-Crypto  Work in Progress  Timeline  Conclusion 51 Thesis Statement  The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors, including the use of 3D Integration, resulting in secure processors that retain high performance. Intro/Motivation

Download ppt "Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Proposal, UC Santa Barbara May 10, 2012 Committee:"

Similar presentations

Supporting Security at the Gate Level: Opportunities and Misconceptions Tim Sherwood UC Santa Barbara.

Supporting Security at the Gate Level: Opportunities and Misconceptions Tim Sherwood UC Santa Barbara.
Presenter : Cheng-Ta Wu Kenichiro Anjo, Member, IEEE, Atsushi Okamura, and Masato Motomura IEEE JOURNAL OF SOLID-STATE CIRCUITS, VOL. 39,NO. 5, MAY 2004.

Presenter : Cheng-Ta Wu Kenichiro Anjo, Member, IEEE, Atsushi Okamura, and Masato Motomura IEEE JOURNAL OF SOLID-STATE CIRCUITS, VOL. 39,NO. 5, MAY 2004.
Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.

Using Instruction Block Signatures to Counter Code Injection Attacks Milena Milenković, Aleksandar Milenković, Emil Jovanov The University of Alabama in.
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
AMD OPTERON ARCHITECTURE Omar Aragon Abdel Salam Sayyad This presentation is missing the references used.

AMD OPTERON ARCHITECTURE Omar Aragon Abdel Salam Sayyad This presentation is missing the references used.
Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.

Department of Computer Science iGPU: Exception Support and Speculative Execution on GPUs Jaikrishnan Menon, Marc de Kruijf Karthikeyan Sankaralingam Vertical.
Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof.

Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
A reconfigurable system featuring dynamically extensible embedded microprocessor, FPGA, and customizable I/O Borgatti, M. Lertora, F. Foret, B. Cali, L.

A reconfigurable system featuring dynamically extensible embedded microprocessor, FPGA, and customizable I/O Borgatti, M. Lertora, F. Foret, B. Cali, L.
Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.

Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.
Thread-Level Transactional Memory Decoupling Interface and Implementation UW Computer Architecture Affiliates Conference Kevin Moore October 21, 2004.

Thread-Level Transactional Memory Decoupling Interface and Implementation UW Computer Architecture Affiliates Conference Kevin Moore October 21, 2004.
Architecture Support for Security Peter Chapman Michael Maass.

Architecture Support for Security Peter Chapman Michael Maass.
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.

3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.
June 20 th 2004University of Utah1 Microarchitectural Techniques to Reduce Interconnect Power in Clustered Processors Karthik Ramani Naveen Muralimanohar.

June 20 th 2004University of Utah1 Microarchitectural Techniques to Reduce Interconnect Power in Clustered Processors Karthik Ramani Naveen Muralimanohar.
State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.

State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.
Modern trends in computer architecture and semiconductor scaling are leading towards the design of chips with more and more processor cores. Highly concurrent.

Modern trends in computer architecture and semiconductor scaling are leading towards the design of chips with more and more processor cores. Highly concurrent.
Www.compaq.com Simultaneous Multithreading: Multiplying Alpha Performance Dr. Joel Emer Principal Member Technical Staff Alpha Development Group Compaq.

Simultaneous Multithreading: Multiplying Alpha Performance Dr. Joel Emer Principal Member Technical Staff Alpha Development Group Compaq.
Computer Organization and Assembly language

Computer Organization and Assembly language
On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

Similar presentations

Ads by Google