PoliMakE: a policy making engine for secure embedded software execution on chip-multiprocessors

Secure software execution on chip-multiprocessor platforms is compromised by threats such as software-based side channel attacks that expose information from shared memory. The increasing amount of shared (memory or computational) resources on emerging chip-multiprocessors further exacerbates security threats, highlighting the need for secure policies to manage on-chip resources. We present PoliMakE, a methodology that enables exploration and generation of customized policies to guarantee secure software execution on a chip-multiprocessor system in the presence of software-based side channel attacks. PoliMakE analyzes an application's security needs and generates a series of custom policies that dictate how to safely execute tasks and efficiently manage the computational, communication, and memory resources. Our experimental results on DRM, JPEG as well as some synthetic applications show that PoliMakE enables secure software execution with minimal performance overhead, while reducing power consumption, since the policies are customized to efficiently utilize the available on-chip resources. For the case study of running DRM in secure mode concurrently with JPEG encoding, we are able to observe 61% performance improvement when compared to standard approaches. Our policy generation engine is able to generate policies in only a matter of minutes for secure applications with hundreds of tasks. Unsecure applications were observed to resume execution up to 99% faster than with the traditional halt approach.

[1]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[2]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[3]  FangzheChang Secure, User-level Resource-constrained Sandboxing , 1999 .

[4]  Carla E. Brodley,et al.  SmashGuard: A Hardware Solution to Prevent Security Attacks on the Function Return Address , 2006, IEEE Transactions on Computers.

[5]  Carla E. Brodley,et al.  Detection and prevention of stack buffer overflow attacks , 2005, CACM.

[6]  H. Peter Hofstee,et al.  Cell Broadband Engine processor vault security architecture , 2007, IBM J. Res. Dev..

[7]  Alok N. Choudhary,et al.  Flexible software protection using hardware/software codesign techniques , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[8]  Mahmut T. Kandemir,et al.  A data-driven approach for embedded security , 2005, IEEE Computer Society Annual Symposium on VLSI: New Frontiers in VLSI Design (ISVLSI'05).

[9]  Vikas Agarwal,et al.  Clock rate versus IPC: the end of the road for conventional microarchitectures , 2000, Proceedings of 27th International Symposium on Computer Architecture (IEEE Cat. No.RS00201).

[10]  George C. Necula,et al.  CCured: type-safe retrofitting of legacy software , 2005, TOPL.

[11]  James E. Smith,et al.  Isolation in Commodity Multicore Processors , 2007, Computer.

[12]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[13]  Kurt Keutzer,et al.  Efficient Parallelization of H.264 Decoding with Macro Block Level Scheduling , 2007, 2007 IEEE International Conference on Multimedia and Expo.

[14]  Sri Parameswaran,et al.  SHIELD: A software hardware design methodology for security and reliability of MPSoCs , 2008, 2008 45th ACM/IEEE Design Automation Conference.

[15]  Peter Marwedel,et al.  Scratchpad memory: a design alternative for cache on-chip memory in embedded systems , 2002, Proceedings of the Tenth International Symposium on Hardware/Software Codesign. CODES 2002 (IEEE Cat. No.02TH8627).

[16]  G. Edward Suh,et al.  AEGIS: architecture for tamper-evident and tamper-resistant processing , 2003 .

[17]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[18]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[19]  Srivaths Ravi,et al.  SECA: security-enhanced communication architecture , 2005, CASES '05.

[20]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[21]  Meikang Qiu,et al.  Security protection and checking for embedded system integration against buffer overflow attacks via hardware/software , 2006, IEEE Transactions on Computers.

[22]  John Johansen,et al.  PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[23]  Kunle Olukotun,et al.  The case for a single-chip multiprocessor , 1996, ASPLOS VII.

[24]  Srivaths Ravi,et al.  Secure embedded processing through hardware-assisted run-time monitoring , 2005, Design, Automation and Test in Europe.

[25]  Nikil D. Dutt,et al.  A Methodology for Power-aware Pipelining via High-Level Performance Model Evaluations , 2009, 2009 10th International Workshop on Microprocessor Test and Verification.

[26]  Jack W. Davidson,et al.  Secure and practical defense against code-injection attacks using software dynamic translation , 2006, VEE '06.

[27]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[28]  Nikil D. Dutt,et al.  Inter-kernel data reuse and pipelining on chip-multiprocessors for multimedia applications , 2009, 2009 IEEE/ACM/IFIP 7th Workshop on Embedded Systems for Real-Time Multimedia.