GIT-CERCS-04-22
Weidong Shi, H.H. Sean Lee, Mrinmoy Ghosh,Chenghuai Lu,Tao Zhang,
Architecture Support for High Speed Protection of Memory Integrity and
Confidentiality in Symmetric Multiprocessor Systems
Recently there is a growing interest in both the architecture and
the security community to create a hardware based solution for
authenticating system memory. As shown in the previous work, such
silicon based memory authentication could become a vital component
for creating future trusted computing environments and digital
rights protection. Almost all the published work have focused on
authenticating memory that is exclusively owned by one processing
unit. However, in today's computing platforms, memory is often
shared by multiple processing units which support shared system
memory and snoop bus based memory coherence. Authenticating shared
memory is a new challenge to memory protection. In this paper, we
present a secure and fast architecture solution for authenticating
shared memory. In terms of incorporating memory authentication
into the processor pipeline, we proposed a new scheme called
Authentication Speculative Execution. Unlike the previous
approach for hiding or tolerating latency of memory
authentication, our scheme does not trades security for
performance. The novel ASE scheme is both secure to be combined
with one-time-pad (OTP) based memory encryption and efficient to
tolerate authentication latency. Results using modified rsim and
splash2 benchmarks show only 5% overhead in performance on dual
and quad processor platforms. Furthermore, ASE shows 80%
performance advantage on average over conservative non-speculative
execution based authentication. The scheme is of practical use for
both symmetric multiprocessor systems and uni-processor systems
where memory is shared by the main processor and other
co-processors attached to the system bus.