Advertisement

The Reduced Address Space (RAS) for Application Memory Authentication

  • David Champagne
  • Reouven Elbaz
  • Ruby B. Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)

Abstract

Memory authentication is the ability to detect unauthorized modification of memory. Existing solutions for memory authentication are based on tree structures computed over either the Physical Address Space (PAS tree) or the Virtual Address Space (VAS tree). We show that the PAS tree is vulnerable to branch splicing attacks when providing memory authentication to an application running on a potentially compromised operating system. We also explain why the VAS tree generates initialization and memory overheads so large as to make it impractical, especially on 64-bit address spaces. To enable secure and efficient application memory authentication, we present a novel Reduced Address Space (RAS) containing only those pages that are useful to a protected application at any point in time. We introduce the Tree Management Unit (TMU) to manage the RAS tree, a dynamically expanding memory integrity tree computed over the RAS. The TMU is scalable, enabling tree schemes to scale up to cover 64-bit address spaces. It dramatically reduces the overheads of application memory authentication without weakening the security properties or degrading runtime performance. For SPEC 2000 benchmarks, the TMU speeds up tree initialization and reduces memory overheads by three orders of magnitude on average.

Keywords

Memory authentication integrity tree secure computing architecture 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Blum, M., Evans, W., Gemmell, P., Kannan, S., Noar, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Burger, D., Austin, T.M.: The SimpleScalar Tool Set, Version 2.0., Technical report, University of Wisconsin-Madison Computer Science Department (1997)Google Scholar
  3. 3.
    Elbaz, R., Champagne, D., Lee, R.B., Torres, L., Sassatelli, G., Guillemin, P.: TEC-Tree: A Low Cost and Parallelizable Tree for Efficient Defense against Memory Replay Attacks. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 289–302. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S., Suh, E.: Caches and Merkle Trees for Efficient Memory Authentication. High Performance Computer Architecture (HPCA-9) (February 2003)Google Scholar
  5. 5.
    González-Barahona, J.M., Ortuño Pérez, M.A., Quirós, P.H., González, J.C., Olivera, V.M.: Counting potatoes: the size of Debian 2.2 (2002), http://people.debian.org/~jgb/debian-counting/counting-potatoes/
  6. 6.
    Hall, W.E., Jutla, C.S.: Parallelizable Authentication Trees. Selected Areas in Cryptography, pp. 95–109 (2005)Google Scholar
  7. 7.
    Hatton, L.: Estimating source lines of code from object code: Windows and Embedded Control Systems (2005), http://www.leshatton.org/LOC2005.html
  8. 8.
    Henning, J.L.: SPEC CPU2000: Measuring CPU performance in the new millenniumm. IEEE Computer (July 2000)Google Scholar
  9. 9.
    I.B.M.: IBM Extends Enhanced Data Security to Consumer Electronics Products. IBM (April 2006), http://www-03.ibm.com/press/us/en/pressrelease/19527.wss
  10. 10.
    Intel, Intel Trusted Execution Technology: Preliminary Architecture Specification (November 2006), http://www.intel.com
  11. 11.
    Kannan, K., Telang, R.: Economic analysis of market for software vulnerabilities. In: Workshop on Economics and Information Security, Minneapolis, MN, USA (May 2004)Google Scholar
  12. 12.
    Lee, R.B., Kwan, P.C.S., McGregor, J.P., Dwoskin, J., Wang, Z.: In: Architecture for Protecting Critical Secrets in Microprocessors, Int’l Symposium on Computer Architecture (ISCA-1932), pp. 2–13 (June 2005)Google Scholar
  13. 13.
    Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural Support for Copy and Tamper Resistant Software. In: Int’l Conf. on Architectural Support for Programming Languages and OS (ASPLOS-IX), pp. 168–177 (2000)Google Scholar
  14. 14.
    Merkle, R.C.: Protocols for Public Key Cryptosystems. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  15. 15.
    Rogers, B., Rogers, B., Chhabra, S., Solihin, Y., Prvulovic, M.: Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly. In: Proc. of the 40th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 183–196 (2007)Google Scholar
  16. 16.
    Shi, W., Lu, C., Lee, H.S.: Memory-centric Security Architecture. In: 2005 International Conference on High Performance Embedded Architectures and Compilers (2005)Google Scholar
  17. 17.
    Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing. In: Proc. of the 17th Int’l Conf. on Supercomputing (ICS) (2003)Google Scholar
  18. 18.
    Yan, C., Rogers, B., Englender, D., Solihin, Y., Prvulovic, M.: Improving Cost, Performance, and Security of Memory Encryption and Authentication. In: Int’l Symposium on Computer Architecture (ISCA-1933), pp. 179–190 (June 2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • David Champagne
    • 1
  • Reouven Elbaz
    • 1
  • Ruby B. Lee
    • 1
  1. 1.Department of Electrical EngineeringPrinceton UniversityPrincetonUSA

Personalised recommendations