Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems

摘要

Recently there is a growing effort in both the architecture and the security community to create a hardware solution for authenticating system memory.As shown in the previous work, hardware-based memory authentication will become a vital component for creating future trusted computing environments and digital rights protection.Almost all these prior work have focused on authenticating memory exclusively owned by a single processing element.However, in today's computing platforms, memory is often shared by multiple processing elements that support a shared system memory with a snooping cache coherence protocol.Authenticating shared memory is a new challenge to memory protection. In this paper, we present a secure and fast architecture for authenticating shared memory.In terms of incorporating memory authentication into the processor pipeline, we propose a new scheme called Authentication Speculative Execution.Unlike the prior approaches, our scheme does not compromise security for performance.The novel ASE scheme is not only secure as it is combined with a one-time-pad (OTP) based memory encryption but also efficient to tolerate authentication latency by executing unauthenticated instructions speculatively.Results using modified RSIM running SPLASH2 benchmark show only 5% overhead in performance on dual and quad processor platforms.Furthermore, ASE shows 80% better performance on average over conservative non-speculative execution based authentication schemes.The scheme is of practical use for both multiprocessor systems and uni-processor systems where memory is shared by one main processor and other co-processors on the system bus.