DISSECT: Dynamic Skew-and-Split Tree for Memory Authentication

Memory integrity trees are widely-used to protect external memories in embedded systems against replay, splicing and spoofing attacks. However, existing methods often result in high-performance overhead that is proportional to the height of the tree. Reducing the height of the integrity tree by increasing its arity, however, leads to frequent overflowing of the counters that are used for encryption in the tree. We will show that increasing the tree arity of a widely-use integrity tree from 2 to 8 can result in over 200% increase in memory authentication overhead for some benchmark applications, despite the reduction in tree height. In this paper, we propose DISSECT, a memory authentication framework which utilizes a dynamic memory integrity tree that can adapt to the memory access patterns of the application by progressively adjusting the tree height and arity in order to significantly reduce performance overhead. This is achieved by 1) initializing an integrity tree structure with the largest arity possible to meet the security requirements, 2) dynamically skewing the tree such that the more frequently accessed memory locations are positioned closer to the tree root (overcomes the tree height problem), and 3) dynamically splitting the tree at nodes with counters that are about to overflow (overcomes the counter overflow problem). Experimental results undertaken using Multi2Sim on benchmarks from SPEC-CPU2006, SPLASH-2, and PARSEC demonstrate the performance benefits of our proposed memory integrity tree.

[1]  Guiyuan Jiang,et al.  Customizing Skewed Trees for Fast Memory Integrity Verification in Embedded Systems , 2017, 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI).

[2]  G. Edward Suh,et al.  Caches and hash trees for efficient memory integrity verification , 2003, The Ninth International Symposium on High-Performance Computer Architecture, 2003. HPCA-9 2003. Proceedings..

[3]  Brian Rogers,et al.  Improving Cost, Performance, and Security of Memory Encryption and Authentication , 2006, 33rd International Symposium on Computer Architecture (ISCA'06).

[4]  David R. Kaeli,et al.  Multi2Sim: A simulation framework for CPU-GPU computing , 2012, 2012 21st International Conference on Parallel Architectures and Compilation Techniques (PACT).

[5]  Guiyuan Jiang,et al.  Framework for Fast Memory Authentication Using Dynamically Skewed Integrity Tree , 2019, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[6]  Guiyuan Jiang,et al.  Dynamic skewed tree for fast memory integrity verification , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[7]  Jose Joao,et al.  Morphable Counters: Enabling Compact Integrity Trees For Low-Overhead Secure Memories , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[8]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[9]  Lionel Torres,et al.  TEC-Tree: A Low-Cost, Parallelizable Tree for Efficient Defense Against Memory Replay Attacks , 2007, CHES.

[10]  Lionel Torres,et al.  Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines , 2009, Trans. Comput. Sci..

[11]  Kartik Mohanram,et al.  ASSURE: Authentication Scheme for SecURE energy efficient non-volatile memories , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[12]  Rajeev Balasubramonian,et al.  VAULT: Reducing Paging Overheads in SGX with Efficient Integrity Verification Structures , 2018, ASPLOS.