Abstract
This paper presents a new security architecture for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for the same purpose, the new architecture ties cryptographic properties and security attributes to memory instead of each individual user process. The advantages of such a memory centric design are many folds. First, it provides a better security model and access control on software privacy that supports both selective and mixed tamper resistant protection on software components from heterogeneous sources. Second, the new model supports and facilities tamper resistant secure information sharing in an open software system where both data and code components could be shared by different user processes. Third, the proposed security model and secure processor design allow software components protected with different security policies to inter-operate within the same memory space efficiently. Our new architectural support requires small silicon resources and its performance impact is minimal based on our experimental results using commercial MS Windows workloads and cycle based out-of-order processor simulation.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Cohen, E., Jefferson, D.: Protection in the hydra operating system. In: Proceedings of the 5th Symposium on Operating Systems Principles (1975)
Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectual Support For Copy and Tamper Resistant Software. In: Proceedings of the 9th Symposium on Architectural Support for Programming Languages and Operating Systems (2000)
Lie, D., Thekkath, C.A., Horowitz, M.: Implementing an Untrusted Operating System on Trusted Hardware. In: Proceedings of the Symposium on Operating Systems Principles (2003)
Needham, R.M., Walker, R.D.: The Cambridge CAP Computer and its Protection System. In: Proceedings of the Symposium on Operating Systems Principles (1977)
Shi, W., Lee, H.-H.S., Ghosh, M., Lu, C., Boldyreva, A.: High Efficiency Counter Mode Security Architecture via Prediction and Precomputation. In: Proceedings of the International Symposium on Computer Architecture (2005)
Suh, E.G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient Memory Integrity Verification and Encryption for Secure Processors. In: Proceedings 0f the 36th Annual International Symposium on Microarchitecture (2003)
Suh, E.G., Clarke, D., van Dijk, M., Gassend, B., Devadas, S.: AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing. In: Proceedings of the International Conference on Supercomputing (2003)
Vachharajani, N., Bridges, M.J., Chang, J., Rangan, R., Ottoni, G., Blome, J.A., Reis, G.A., Vachharajani, M., August, D.I.: RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In: Proceedings of the International Symposium on Microarchitecture (2004)
Vlaovic, S., Davidson, E.S.: TAXI: Trace Analysis for X86 Interpretation. In: Proceedings of the 2002 IEEE International Conference on Computer Design (2002)
Witchel, E.J.: Mondrian Memory Protection. PhD thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology (2004)
Yang, J., Zhang, Y., Gao, L.: Fast Secure Processor for Inhibiting Software Piracty and Tampering. In: Proceedings of International Symposium on Microarchitecture (2003)
Zhuang, X., Zhang, T., Pande, S.: HIDE: an Infrastructure for Efficiently Protecting Information Leakage on the Address Bus. In: Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems (2004)
Zhuang, X., Zhang, T., Pande, S., Lee, H.-H.S.: HIDE: Hardware-support for Leakage-Immune Dynamic Execution. Technical Report GIT-CERCS-03-21, Geogia Institute of Technology (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shi, W., Lu, C., Lee, HH.S. (2005). Memory-Centric Security Architecture. In: Conte, T., Navarro, N., Hwu, Wm.W., Valero, M., Ungerer, T. (eds) High Performance Embedded Architectures and Compilers. HiPEAC 2005. Lecture Notes in Computer Science, vol 3793. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11587514_11
Download citation
DOI: https://doi.org/10.1007/11587514_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30317-6
Online ISBN: 978-3-540-32272-6
eBook Packages: Computer ScienceComputer Science (R0)