Abstract
This article presents a new security model called MESA for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for the same purpose, MESA ties cryptographic properties and security attributes to memory instead of each individual user process. The advantages of such a memory-centric design over the process-centric designs are many folds. First, it allows better access control on software privacy, which supports both selective and mixed tamper resistant protection on software components coming from heterogenous sources. Second, the new model supports and facilities tamper resistant secure information sharing in an open software system where both data and code components could be shared by different user processes. Third, the proposed security model and secure processor design allow software components protected with different security policies to inter-operate within the same memory space efficiently. The architectural support for MESA requires small silicon resources and its performance impact is minimal based on our experimental results using commercial MS Windows workloads and cycle based out-of-order processor simulator.
This research is supported by the National Science Foundation under award ITR/NGS-0325536 and a DOE Early CAREER PI Award.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Federal Information Processing Standard Draft, Advanced Encryption Standard (AES). National Institute of Standards and Technology (2001)
National Institude of Standards and Technology, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. SP-800-67 (2004)
Arbaugh, W.A., Farber, D.J., Smith, J.M.: A Secure and Reliable Bootstrap Architecture. In: Proceedings of the Symposium on Security and Privacy (1997)
Cohen, E., Jefferson, D.: Protection in the Hydra Operating System. In: Proceedings of the fifth ACM Symposium on Operating Systems Principles, ACM Press, New York (1975)
Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches And Merkle Trees For Efficient Memory Integrity Verification. In: Proceedings of the 9th International Symposium on High Performance Computer Architecture (2003)
Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectual Support For Copy and Tamper Resistant Software. In: Proceedings of the 9th Symposium on Architectural Support for Programming Languages and Operating Systems (2000)
Lie, D., Thekkath, C.A., Horowitz, M.: Implementing an Untrusted Operating System on Trusted Hardware. In: Proceedings of the Symposium on Operating Systems Principles (2003)
Needham, R.M., Walker, R.D.: The Cambridge CAP computer and its protection system. In: Proceedings of the Symposium on Operating Systems Principles (1977)
Shi, W., Lee, H.-H.S., Ghosh, M., Lu, C., Boldyreva, A.: High Efficiency Counter Mode Security Architecture via Prediction and Precomputation. In: Proceedings of the 32nd International Symposium on Computer Architecture (2005)
Suh, E.G., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Efficient Memory Integrity Verification and Encryption for Secure Processors. In: Proceedings of the 36th Annual International Symposium on Microarchitecture, December (2003)
Suh, E.G., Clarke, D., van Dijk, M., Gassend, B., Devadas, S.: AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing. In: Proceedings of the International Conference on Supercomputing (2003)
Vachharajani, N., Bridges, M.J., Chang, J., Rangan, R., Ottoni, G., Blome, J.A., Reis, G.A., Vachharajani, M., August, D.I.: RIFLE: An Architectural Framework for User-Centric Information-Flow Security. In: Proceedings of the 37th annual International Symposium on Microarchitecture (2004)
Vlaovic, S., Davidson, E.S.: TAXI: Trace Analysis for X86 Interpretation. In: Proceedings of the 2002 IEEE International Conference on Computer Design, IEEE Computer Society Press, Los Alamitos (2002)
Witchel, E.J.: Mondrian Memory Protection. PhD thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology (2004)
Yang, J., Zhang, Y., Gao, L.: Fast Secure Processor for Inhibiting Software Piracty and Tampering. In: Proceedings of the International Symposium on Microarchitecture (2003)
Zhuang, X., Zhang, T., Pande, S., Lee, H.-H.S.: HIDE: Hardware-support for Leakage-Immune Dynamic Execution. Report GIT-CERCS-03-21, Geogia Institute of Technology, Atlanta, GA (Nov. 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shi, W., Lu, C., Lee, HH.S. (2007). Memory-Centric Security Architecture. In: Stenström, P. (eds) Transactions on High-Performance Embedded Architectures and Compilers I. Lecture Notes in Computer Science, vol 4050. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71528-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-71528-3_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71527-6
Online ISBN: 978-3-540-71528-3
eBook Packages: Computer ScienceComputer Science (R0)