510 likes | 518 Views
This PhD proposal explores the use of 3D integration to create secure processors that retain high performance, addressing the need for processors that prioritize both speed and security. The proposal introduces novel methods of adding security, including 3D Security and 3D Crypto. The goal is to develop fast and affordable high assurance systems that are resilient against attacks.
E N D
Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Proposal, UC Santa Barbara May 10, 2012 Committee: Prof. Timothy Sherwood (chair) Prof. Fred Chong Prof. Peter Michael Meliar-Smith Prof. Theodore Huffmire
Intro/Motivation Modern Microprocessors • Commercial CPU tradeoffs: • Performance • Power • Area • Cost • Security is often ignored or overlooked High Assurance Processors (secure) Commercial Processors (high speed)
Intro/Motivation Modern Microprocessors • Flurry of hardware attacks • Side channel attacks (Kocher 1996, Percival 2005, Bernstein 2005) • Power draw (Kocher et al. 1999, Jasper 2011) • EM analysis (Gandolfi et al. 2001 , Agrawal et al. 2002) • Physical tamper • Memory remanence (Soden et al. 1995, Halderman et al. 2008)
Intro/Motivation Modern Microprocessors • High Assurance CPUs • Small market share • High development costs • Time-consuming to design • Commercial hardware still outperforms by 100x (and growing…) High Assurance Processors (secure)
Intro/Motivation Modern Microprocessors High Assurance Processors (secure) Commercial Processors (high speed) The solution
Intro/Motivation Thesis Statement • The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors, including the use of 3D Integration, resulting in secure processors that retain high performance.
Outline 3D-Security • Intro/Motivation • 3D Security • 3D Crypto • Work in Progress • Timeline • Conclusion
3D-Sec: Current Trends 3D-Security • Ideal: Fast and affordable high assurance systems • Resilient against attacks • Low cost • High performance
New Technology – 3D Integration 3D-Security • 3D Integration • 2 or more dies stacked as one system • Foundry level option Second die L2 Cache (1x SRAM) CPU Base Processor CPU L1 CPU CPU L1
3D-Sec: Idea 3D-Security • Past Work: 3D Passive Monitors (Mysore et al. 2006) • Analyze data from base processor • Our Contribution – 3D Active Monitors (Valamehr et al. 2010) • Information flow control • Arbitration of communication • Partitioning of resources
3D-Sec: Idea 3D-Security • Benefits with 3D Integration
3D-Sec: Idea 3D-Security • Challenge • Normal operation if 3D layer absent • Security functions if 3D layer present
3D Security Layer – Circuit Level Primitives 3D-Security • Circuit-level primitives for an active monitor (a) Tapping (b) Re-routing (c) Overriding (d) Disabling = 3D layer connections = Signal flow
3D Security Layer – Tapping 3D-Security • Tapping sends requested signal to the 3-D control plane Tapping
3D Security Layer – Disabling 3D-Security • Disabling effectively blocks the transmission of signals X Disabling
3D Security Layer – Disabling 3D-Security • Theoretical 3-D Application: Mutual Trust Shared Bus Protocols Core 0 Core 1 = Post to the 3-D control plane = Signal flow L1 $ L1 $ ... … Shared Bus Shared L2 $
3D Security Layer – Re-routing 3D-Security • Re-routing sends requested signals to 3-D plane, and blocks their original transmission X Re-routing
3D Security Layer – Re-routing 3D-Security 1. • Theoretical 3-D Application: Crypto Co-processor Crypto Control Unit AES RSA DES 3-D Control Plane … … 1. Crypto Instruction 2. Result 2. Standard Execution Pipeline Computation Plane … … Reg File INST L1 $
3D Security Layer – Overriding 3D-Security • Overriding blocks transmission of signal, while simultaneously injecting a new value Overriding
3D Security Layer – Gate Level Primitives 3D-Security • Gate-level primitives in out out in Rerouting Tapping in out in out Disabling Overriding
3D Security Layer – General Primitive 3D-Security • General primitive
3D Security 3D-Security • Area overhead of general primitive(s) 4.5% increase
Background – Side-Channel Attacks 3D-Security • Access-driven cache attack (Percival 2005) Victim Process Shared Cache Attacker Process
3D Security Layer – Example Application 3D-Security • 3-D Cache Eviction Monitor • Keep trusted process cache lines locked • Maintain secrecy of the private key
3D Security Layer – Example Application 3D-Security • 3D Cache Eviction Monitor
3D Security Layer – Example Application 3D-Security • Cache Performance
Outline 3D-Crypto • Intro/Motivation • 3D Security • 3D Crypto • Work in Progress • Timeline • Conclusion
3D Crypto - Motivation 3D-Crypto • Current Crypto Co-processors • Off-die co-processor, or utilizing core in CMPs • Prone to tamper, vulnerable to side-channels • Lower performance • IdealCrypto Co-processors • High integrity of data being processed • Tamper-proof and immune to attacks • High performance
3D Crypto Co-processor 3D-Crypto Crypto Control Crypto Co-processor RNG AES D-H Dedicated Crypto Memory L2 Cache (1x SRAM) RSA DES RC4 MD5 CPU Main Processor CPU L1 CPU CPU L1
3D Crypto – Security Ramifications 3D-Crypto • Threat Models (Valamehr et al. 2011) • Physical tamper • Memory remanence • Access-driven cache side-channel attacks • Time-driven cache side-channel attacks • Fault analysis • Electromagnetic analysis • Power analysis • Thermal analysis
3D Crypto – Future work 3D-Crypto • Potential cost savings with 3D • Use of older technologies • Relationship between: • Performance • Power • Cost
Outline Work in Progress • Intro/Motivation • 3D Security • 3D Crypto • Work in Progress • Timeline • Conclusion
MACS – MicroArchitectural Context Switches Work in Progress Old VM New VM • Trends • Multiple VMs on same chip • Idle cores are utilized • Problems that arise • Side-channels • Data remanence VM 1 VM 2 VM 3 BP BP BP BP L1 $ L1 $ L1 $ L1 $ Shared L2 $
MACS – Initial Experiment Work in Progress • State clearing sensitivity • Simplescalar simulator • Implemented “Clear” function • Clear L1 and L2 caches every X cycles • SPEC2K benchmarks • How much is performance affected?
MACS – Simulation Parameters Work in Progress • Single superscalar processor • Modeled after AMD Shanghai CPU • 64KB L1 I-cache • 64KB L1 D-cache • 512KB L2 cache
MACS – Simulations Work in Progress
MACS – Simulations Work in Progress
MACS – Potential Directions Work in Progress • Is clearing enough? • Do we need to pack/unpack? • Best way to clear lots of state? • More frequent switching applications • Fine-grain VMs • Mobile devices • Real-time systems
3D Extensible ISAs - Idea Work in Progress • 3D layer that implements new instructions • Connects to control unit on existing processor • May have new functional units • Extends the ISA of processor • Allows reuse of fast processor • Examples • Multimedia • Crypto
3D Extensible ISAs - Approach Work in Progress • Design Control unit with free opcodes • Set aside a set of opcodes as available – NoOPs on base layer • Make every instruction explicit with controls – Any instruction not specified will be a NoOP • Find hook points • What data does the 3D layer need? • Which signals does the 3D need to change?
3D Extensible ISAs – Hook Points Work in Progress Base Layer Control unit If opcode isn’t covered: NoOP Read opcode and register addresses (Tap) Replace data (Override) Read register values if shared with 3-D layer (Tap)
3D Extensible ISAs – Implementation Work in Progress • How to connect modules • On a fabbed chip, use 3D primitives • In HDL, use gate-level primitives Tap Re-route Overwrite
3D Extensible ISAs – To do list Work in Progress • Integrate Simple CPU with AES/ECC • Find hook points • Figure out connection logic • Figure out timing issues • Crypto instructions into benchmarks • Insert them into benchmarks as assembly • Compile • Run through processor/crypto combo
Outline Timeline • Intro/Motivation • 3D Security • 3D Crypto • Work in Progress • Timeline • Conclusion
Timeline Timeline • Spring 2012 • 3D-Crypto • 3D-Extensible ISAs • Fall 2012 • 3D-Extensible ISAs • MACS • Another project • Winter/Spring 2013 • Thesis • Defense
Outline Timeline • Intro/Motivation • 3D Security • 3D Crypto • Work in Progress • Timeline • Conclusion
Publications Conclusion • Inspection Resistant Memory: Architectural Support for Security from Physical ExaminationJonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, SenyKamara, VinodVaikuntanathan, and Timothy Sherwood. Proceedings of the International Symposium of Computer Architecture. (ISCA), June 2012. Portland, Oregon. • A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processorsJonathan Valamehr, Ted Huffmire, Cynthia Irvine, Ryan Kastner, Cetin Kaya Koc, Timothy Levin, and Timothy Sherwood. Festschrift Jean-Jacques Quisquater, to appear, D. Naccache, editor, LNCS Nr. 6805, Springer, 2011. • Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow SecurityMohitTiwari, Jason Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T Chong, and Timothy Sherwood. in Proceedings of the International Symposium of Computer Architecture (ISCA), June 2011. San Jose, CA. • Hardware Assistance for Trustworthy Systems through 3-D IntegrationJonathan Valamehr, MohitTiwari, and Timothy Sherwood, Ryan Kastner, Ted Huffmire, Cynthia Irvine and Timothy Levin. Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2010. Austin, Texas. • Hardware Trust Implications of 3-D IntegrationTed Huffmire, Timothy Levin, Michael Bilzor, Cynthia Irvine, Jonathan Valamehr, MohitTiwari, Timothy Sherwood, and Ryan Kastner. Workshop on Embedded Systems Security (WESS), October 2010. Scottsdale, Arizona. • A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow TagsMohitTiwari, Banit Agrawal, Shashidhar Mysore, Jonathan Valamehr, and Timothy Sherwood. Proceedings of the International Symposium on Microarchitecture (Micro), November 2008. Lake Como, Italy. • Designing Secure Systems on Reconfigurable HardwareTed Huffmire, Brett Brotherton, Nick Callegari, Jonathan Valamehr, Jeff White, Ryan Kastner, and Tim Sherwood. ACM Transactions on Design Automation of Electronic Systems (TODAES) Vol 13 No 3, July 2008. • Trustworthy System Security through 3-D Integrated HardwareTed Huffmire, Jonathan Valamehr, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy D. Nguyen, and Cynthia Irvine. Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2008) June 2008. Anaheim, CA. • High-Assurance System Support through 3-D IntegrationTheodore Huffmire, Tim Levin, Cynthia Irvine, Thuy Nguyen, Jonathan Valamehr, Ryan Kastner, and Tim Sherwood. NPS Technical Report NPS-CS-07-016, November 2007.
Publications Conclusion • Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Hassan Wassel, Daoxin Dai, Luke Theogarajan, Jennifer Dionne, MohitTiwari, Jonathan Valamehr, Frederic Chong, and Timothy Sherwood. IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS) To appear • Towards Chip-Scale Plasmonic InterconnectsHassan M. G. Wassel, MohitTiwari, Jonathan Valamehr, Luke Theogarajan, Jennifer Dionne, Frederic T. Chong, and Timothy Sherwood. Workshop on the Interaction between Nanophotonic Devices and Systems (WINDS) December 2010. Atlanta, Georgia.
Acknowledgements Conclusion • Labmates • Committee members • Collaborators at NPS, UCSD, MSR, GA Tech • Janet Kayfetz
3-D Security • Thank you!