A high-performance, low-overhead microarchitecture for secure program execution

Arun K. Kanuparthi, Ramesh Karri, Gaston Ormazabal, Sateesh K. Addepalli

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.

Original languageEnglish (US)
Title of host publication2012 IEEE 30th International Conference on Computer Design, ICCD 2012
Pages102-107
Number of pages6
DOIs
StatePublished - 2012
Event2012 IEEE 30th International Conference on Computer Design, ICCD 2012 - Montreal, QC, Canada
Duration: Sep 30 2012Oct 3 2012

Other

Other2012 IEEE 30th International Conference on Computer Design, ICCD 2012
CountryCanada
CityMontreal, QC
Period9/30/1210/3/12

Fingerprint

Pipelines
Computer systems
Security of data
Electric power utilization
Hardware
Experiments

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture

Cite this

Kanuparthi, A. K., Karri, R., Ormazabal, G., & Addepalli, S. K. (2012). A high-performance, low-overhead microarchitecture for secure program execution. In 2012 IEEE 30th International Conference on Computer Design, ICCD 2012 (pp. 102-107). [6378624] https://doi.org/10.1109/ICCD.2012.6378624

A high-performance, low-overhead microarchitecture for secure program execution. / Kanuparthi, Arun K.; Karri, Ramesh; Ormazabal, Gaston; Addepalli, Sateesh K.

2012 IEEE 30th International Conference on Computer Design, ICCD 2012. 2012. p. 102-107 6378624.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Kanuparthi, AK, Karri, R, Ormazabal, G & Addepalli, SK 2012, A high-performance, low-overhead microarchitecture for secure program execution. in 2012 IEEE 30th International Conference on Computer Design, ICCD 2012., 6378624, pp. 102-107, 2012 IEEE 30th International Conference on Computer Design, ICCD 2012, Montreal, QC, Canada, 9/30/12. https://doi.org/10.1109/ICCD.2012.6378624
Kanuparthi AK, Karri R, Ormazabal G, Addepalli SK. A high-performance, low-overhead microarchitecture for secure program execution. In 2012 IEEE 30th International Conference on Computer Design, ICCD 2012. 2012. p. 102-107. 6378624 https://doi.org/10.1109/ICCD.2012.6378624
Kanuparthi, Arun K. ; Karri, Ramesh ; Ormazabal, Gaston ; Addepalli, Sateesh K. / A high-performance, low-overhead microarchitecture for secure program execution. 2012 IEEE 30th International Conference on Computer Design, ICCD 2012. 2012. pp. 102-107
@inproceedings{59afb88d9d044c6a9d7da59e343f9742,
title = "A high-performance, low-overhead microarchitecture for secure program execution",
abstract = "High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66{\%}, area overhead of 4.25{\%}, and a power overhead of 2.45{\%} over a baseline processor.",
author = "Kanuparthi, {Arun K.} and Ramesh Karri and Gaston Ormazabal and Addepalli, {Sateesh K.}",
year = "2012",
doi = "10.1109/ICCD.2012.6378624",
language = "English (US)",
isbn = "9781467330503",
pages = "102--107",
booktitle = "2012 IEEE 30th International Conference on Computer Design, ICCD 2012",

}

TY - GEN

T1 - A high-performance, low-overhead microarchitecture for secure program execution

AU - Kanuparthi, Arun K.

AU - Karri, Ramesh

AU - Ormazabal, Gaston

AU - Addepalli, Sateesh K.

PY - 2012

Y1 - 2012

N2 - High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.

AB - High performance and low power consumption have traditionally been the primary design goals for computer architects. With computer systems facing a wave of attacks that disrupt their normal execution or leak sensitive data, computer security is no longer an afterthought. Dynamic integrity checking has emerged as a possible solution to protect computer systems by thwarting various attacks. Dynamic integrity checking involves calculation of hashes of the instructions in the code being executed and comparing these hashes against corresponding precomputed hashes at runtime. The processor pipeline is stalled and the instructions are not allowed to commit until the integrity check is complete. Such an approach has severe performance implications as it stalls the pipeline for several cycles. In this paper, we propose a hardware-based dynamic integrity checking approach that does not stall the processor pipeline. We permit the instructions to commit before the integrity check is complete, and allow them to make changes to the register file, but not the data cache. The system is rolled back to a known state if the checker deems the instructions as modified. Our experiments show an average performance overhead of 1.66%, area overhead of 4.25%, and a power overhead of 2.45% over a baseline processor.

UR - http://www.scopus.com/inward/record.url?scp=84872080751&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872080751&partnerID=8YFLogxK

U2 - 10.1109/ICCD.2012.6378624

DO - 10.1109/ICCD.2012.6378624

M3 - Conference contribution

AN - SCOPUS:84872080751

SN - 9781467330503

SP - 102

EP - 107

BT - 2012 IEEE 30th International Conference on Computer Design, ICCD 2012

ER -