A high-performance, low-overhead microarchitecture for secure program execution

High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.

[1]  Alok N. Choudhary,et al.  CODESSEAL: Compiler/FPGA Approach to Secure Applications , 2005, ISI.

[2]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[3]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[4]  Ruby B. Lee,et al.  Enlisting Hardware Architecture to Thwart Malicious Code Injection , 2004, SPC.

[5]  Pedro López,et al.  Multi2Sim: A Simulation Framework to Evaluate Multicore-Multithreaded Processors , 2007, 19th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD'07).

[6]  John Paul Shen,et al.  Processor Control Flow Monitoring Using Signatured Instruction Streams , 1987, IEEE Transactions on Computers.

[7]  Ramesh Karri,et al.  Feasibility study of dynamic Trusted Platform Module , 2010, 2010 IEEE International Conference on Computer Design.

[8]  Derek Bruening,et al.  Secure Execution via Program Shepherding , 2002, USENIX Security Symposium.

[9]  Ruby B. Lee,et al.  Runtime execution monitoring (REM) to detect and prevent malicious code execution , 2004, IEEE International Conference on Computer Design: VLSI in Computers and Processors, 2004. ICCD 2004. Proceedings..

[10]  Jung Ho Ahn,et al.  McPAT: An integrated power, area, and timing modeling framework for multicore and manycore architectures , 2009, 2009 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[11]  Srivaths Ravi,et al.  Energy and Execution Time Analysis of a Software-based Trusted Platform Module , 2007, 2007 Design, Automation & Test in Europe Conference & Exhibition.

[12]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[13]  Mihai Budiu,et al.  Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[14]  Angelos D. Keromytis,et al.  Countering code-injection attacks with instruction-set randomization , 2003, CCS '03.

[15]  Miodrag Potkonjak,et al.  Enabling trusted software integrity , 2002, ASPLOS X.

[16]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.