Interposer-Based Root of Trust

Industry is moving towards large-scale system-on-chip (SoC) designs in which heterogeneous components such as processor cores, DSPs, memory controllers, and accelerator units are combined through 2.5D integration. That is, these components are fabricated separately as chiplets and then integrated on an interconnect carrier, a so-called interposer. Independently, general-purpose SoC architectures have raised significant security concerns. With many IP modules and hardware components coming from various third-party vendors and manufacturers, ensuring the security and integrity of chiplet-based systems is a grand challenge. Further, malicious software running within a chiplet can pose significant risks as well. In this work, we propose to leverage an active interposer as a secure-by-construction, generic root-of-trust platform for such modern systems. We present a new architectural framework in which untrusted processing elements, running untrusted code, are integrated on top of such an interposer-based root of trust, allowing us to detect and prevent any form of malicious message exchanged between the heterogeneous components. Our technique has limited design overhead that is furthermore confined to the active interposer, so the heterogeneous components within the chiplets remain untouched. We show that our scheme correctly handles attempted security violations with little impact on system performance, around 4%.
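To make the "interposer as reference monitor" idea concrete, the following is an added toy simulation, written for this page and not taken from the paper or its artifacts. It models the interposer as the single point through which every inter-chiplet message passes and checks each message against a per-chiplet policy before forwarding it. The message fields (`src`, `dst`, `op`, `addr`, `size`), the policy format (permitted destination chiplets plus address regions with read/write permissions), the chiplet names and the sample traffic are all constructed assumptions for the example; the paper's actual message format and policy encoding are not described in the abstract.

```python
"""Toy model of an active interposer acting as a reference monitor for
chiplet-to-chiplet messages.

Assumptions for this example (not the paper's design): messages carry a source
chiplet id, a destination chiplet id, an operation, an address and a size; the
interposer holds a static policy per source chiplet. Chiplets themselves are
untouched: only the interposer logic knows about the policy.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Message:
    src: str    # issuing chiplet id (constructed names below)
    dst: str    # target chiplet id, e.g. a memory controller
    op: str     # "read" or "write"
    addr: int   # physical address carried in the message
    size: int   # bytes touched, must be > 0


@dataclass
class Policy:
    # per source chiplet: list of (base, limit, perms) regions it may access
    regions: Dict[str, List[Tuple[int, int, str]]]
    # per source chiplet: destination chiplets it may send messages to
    peers: Dict[str, Set[str]]


@dataclass
class Interposer:
    policy: Policy
    log: List[str] = field(default_factory=list)

    def check(self, m: Message) -> bool:
        """Return True if the message may be forwarded, else log why not."""
        # 1. Topology check: is the destination reachable from this source?
        if m.dst not in self.policy.peers.get(m.src, set()):
            self.log.append(f"DENY {m.src}->{m.dst}: destination not permitted")
            return False
        # 2. Reject malformed sizes before computing the access range.
        if m.size <= 0:
            self.log.append(f"DENY {m.src}->{m.dst}: non-positive size {m.size}")
            return False
        if m.op not in ("read", "write"):
            self.log.append(f"DENY {m.src}->{m.dst}: unknown op {m.op!r}")
            return False
        end = m.addr + m.size - 1
        needed = "r" if m.op == "read" else "w"
        # 3. The whole access must lie inside ONE permitted region: an access
        #    that straddles a region boundary is refused rather than split.
        for base, limit, perms in self.policy.regions.get(m.src, []):
            if base <= m.addr and end <= limit:
                if needed in perms:
                    return True
                self.log.append(
                    f"DENY {m.src}->{m.dst}: {m.op} not permitted on "
                    f"region 0x{base:x}-0x{limit:x}")
                return False
        self.log.append(
            f"DENY {m.src}->{m.dst}: 0x{m.addr:x}+{m.size} outside permitted regions")
        return False

    def run_trace(self, msgs: List[Message]) -> Tuple[List[Message], List[Message]]:
        """Forward a trace; return (delivered, blocked) message lists."""
        delivered, blocked = [], []
        for m in msgs:
            (delivered if self.check(m) else blocked).append(m)
        return delivered, blocked


# Constructed policy: a CPU chiplet with broad access and an accelerator
# chiplet limited to its own buffer (rw) plus a read-only shared window.
POLICY = Policy(
    regions={
        "cpu0": [(0x0000_0000, 0x0FFF_FFFF, "rw")],
        "acc0": [(0x0800_0000, 0x08FF_FFFF, "rw"),
                 (0x0000_0000, 0x00FF_FFFF, "r")],
    },
    peers={"cpu0": {"mem0", "acc0"}, "acc0": {"mem0"}},
)

# Constructed trace: benign traffic mixed with what a compromised acc0 might try.
TRACE = [
    Message("cpu0", "mem0", "write", 0x0000_1000, 64),   # allowed
    Message("acc0", "mem0", "read",  0x0010_0000, 64),   # allowed (ro window)
    Message("acc0", "mem0", "write", 0x0010_0000, 64),   # denied: write to ro
    Message("acc0", "mem0", "write", 0x0900_0000, 64),   # denied: outside
    Message("acc0", "cpu0", "write", 0x0800_0000, 64),   # denied: bad peer
    Message("acc0", "mem0", "read",  0x08FF_FFF0, 64),   # denied: straddles end
    Message("acc0", "mem0", "read",  0x0800_0000, 0),    # denied: zero size
]


def demo() -> Tuple[int, int]:
    """Run the constructed trace; return (delivered, blocked) counts."""
    ip = Interposer(POLICY)
    delivered, blocked = ip.run_trace(TRACE)
    for line in ip.log:
        print(line)
    return len(delivered), len(blocked)


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that every decision is made from message fields and a policy that lives entirely on the interposer, so a chiplet that is fully compromised, whether by malicious firmware or a hardware Trojan, gains nothing from lying about its own state: it can only emit messages, and each one is checked at the boundary.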
