DynaPoMP: dynamic policy-driven memory protection for SPM-based embedded systems

Today's embedded systems are often used to access, store, manipulate, and communicate sensitive data. Embedded system security risks are exacerbated by emerging trends (e.g., network connectivity, application download services, migration to multiprocessors). To preserve data confidentiality, various memory encryption schemes have been proposed. However, the overhead of the encryption and decryption operations that precede memory accesses is very high and can lead to significant performance degradation, particularly for embedded systems. In this paper, we propose DynaPoMP, a novel dynamic policy-driven scratchpad memory (SPM) allocation methodology that ensures data confidentiality while minimizing the memory access latency overhead. We define three allocation policies to ensure confidentiality of sensitive data. The first policy, called SensitivityFirst, retains sensitive data in trusted on-chip SPM as long as possible, thereby minimizing the number of encryption/decryption operations due to off-chip memory accesses. The second policy, called AccessFirst, protects data mapped to off-chip memory via selective encryption/decryption, while mapping the data sets with the highest utilization to on-chip memory space and reducing the number of off-chip memory accesses. Finally, the third policy, referred to as Hybrid, trades off the space given to sensitive data and non-sensitive data, with the goal of reducing the execution time of the given application. Our results on a set of security-enhanced embedded benchmarks from Mediabench II show that DynaPoMP reduces the total latency by up to 42.82% when compared to conventional dynamic scratchpad allocation schemes that do not consider encryption latency.
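The trade-off between the three policies can be seen in a small static cost model. This is an added example, not the paper's algorithm or code: the cycle costs, the data blocks, the greedy fill and the way Hybrid searches capacity splits are all assumptions made for illustration.

```python
from collections import namedtuple

Block = namedtuple("Block", "name size accesses sensitive")

# Constructed cycle costs: on-chip SPM access, off-chip access, and the extra
# encryption/decryption cost paid when sensitive data lives off-chip.
SPM_LAT, OFF_LAT, ENC_LAT = 1, 10, 20
CAP = 256  # constructed SPM capacity in bytes
BLOCKS = [  # constructed workload
    Block("coeffs", 128, 2560, False),
    Block("lut", 128, 1536, False),
    Block("key_sched", 128, 1280, True),
    Block("pin_buf", 128, 128, True),
]

def density(b):
    return b.accesses / b.size  # accesses per byte of SPM consumed

def fill(ordered, capacity):
    """Greedily place blocks, in the given order, while they still fit."""
    placed, free = set(), capacity
    for b in ordered:
        if b.size <= free:
            placed.add(b.name)
            free -= b.size
    return placed

def latency(blocks, in_spm):
    """Total cycles; only sensitive off-chip data pays the encryption cost."""
    return sum(
        b.accesses * (SPM_LAT if b.name in in_spm
                      else OFF_LAT + (ENC_LAT if b.sensitive else 0))
        for b in blocks)

def sensitivity_first(blocks, cap):
    # Sensitive blocks get SPM space before any non-sensitive block.
    return fill(sorted(blocks, key=lambda b: (not b.sensitive, -density(b))), cap)

def access_first(blocks, cap):
    # Hottest blocks get SPM space regardless of sensitivity.
    return fill(sorted(blocks, key=lambda b: -density(b)), cap)

def hybrid(blocks, cap, step=64):
    # Assumed realisation: try each split of the SPM between a sensitive and a
    # non-sensitive partition and keep the split with the lowest total latency.
    sens = sorted((b for b in blocks if b.sensitive), key=lambda b: -density(b))
    rest = sorted((b for b in blocks if not b.sensitive), key=lambda b: -density(b))
    candidates = (fill(sens, s) | fill(rest, cap - s) for s in range(0, cap + 1, step))
    return min(candidates, key=lambda placed: latency(blocks, placed))
```

On this workload SensitivityFirst leaves the hottest non-sensitive data off-chip, AccessFirst pays encryption on every access to the key schedule, and the split search keeps one hot block of each kind on-chip.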
