Presentation is loading. Please wait.

Presentation is loading. Please wait.

Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof.

Similar presentations


Presentation on theme: "Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof."— Presentation transcript:

1 Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof. Timothy Sherwood (chair) Prof. Fred Chong Prof. Peter Michael Meliar-Smith Prof. Theodore Huffmire 1

2  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 2 Modern Microprocessors Intro/Motivation

3  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 3 Modern Microprocessors Intro/Motivation  Commercial CPU tradeoffs:  Performance  Power  Area  Cost  Security

4  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 4 Modern Microprocessors Intro/Motivation  Security  Confidentiality  Integrity  Availability

5  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 5 Modern Microprocessors  Flurry of hardware attacks  Side channel attacks (Kocher 1996, Percival 2005, Bernstein 2005)  Power draw (Kocher et al. 1999, Jasper 2011)  EM analysis (Gandolfi et al. 2001, Agrawal et al. 2002)  Physical tamper  Memory remanence (Soden et al. 1995, Halderman et al. 2008) Intro/Motivation

6  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 6 Modern Microprocessors Intro/Motivation  High Assurance CPUs  High development costs  Small market share  Time-consuming to design  Commercial hardware still outperforms by 100x (and growing…)

7  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 7 Modern Microprocessors Intro/Motivation Commercial Processors (high speed) High Assurance Processors (secure) The solution

8  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 8 New Technology – 3D Integration  3D Integration  2 or more dies stacked as one system  Foundry level option Base Processor Second die 3D Crypto

9  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 9 Thesis Statement  The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors through the use of 3D Integration, resulting in secure processors that retain high performance. Intro/Motivation

10  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 10 Outline  Intro/Motivation -the what  3D Crypto -the why  3D Sec -the how  3D Extensible ISAs -the what else  Conclusion 3D Crypto

11  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 11 3D Crypto - Motivation  Current Crypto Co-processors  Off-die co-processor, or utilizing core in CMPs  Prone to tamper, vulnerable to side-channels  Lower performance  Ideal Crypto Co-processors  High integrity of data being processed  Tamper-proof and immune to attacks  High performance 3D Crypto

12  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 12 3D Crypto Co-processor Main Processor Crypto Co-processor 3D Crypto

13  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 13 Security Ramifications  Threat Models (Valamehr et al. 2011)  Physical tamper  Memory remanence  Access-driven cache side-channel attacks  Time-driven cache side-channel attacks  Fault analysis  Electromagnetic analysis  Power analysis  Thermal analysis 3D Crypto

14  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 14 Perf/Power/Area/Cost  Potential cost savings with 3D  Use of older technologies  Relationship between:  Performance  Power  Cost  Area 3D Crypto

15  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 15 Perf/Power/Area/Cost 3D Crypto

16  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 16 Outline  Intro/Motivation -the what  3D Crypto -the why  3D Sec -the how  3D Extensible ISAs -the what else  Conclusion 3D Security

17  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 17 Current Trends  Ideal: Fast and affordable high assurance systems  Resilient against attacks  Low cost  High performance 3D Security

18  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 18 Solution  3D Integration  Optional security layer Base Processor Second die 3D Security

19  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 19 3D-Sec: Idea  Past Work: 3D Passive Monitors (Mysore et al. 2006)  Analyze data from base processor  Our Contribution – 3D Active Monitors (Valamehr et al. 2010)  Information flow control  Arbitration of communication  Partitioning of resources 3D Security

20  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 20 3D-Sec: Idea  Benefits with 3D Integration Security ArchitecturePerformanceAccess to internal signals Security separate Off-chip coprocessor LowNoYes On-chip HighYesNo 3D layer HighYes 3D Security

21  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 21 3D-Sec: Idea  Challenge  Normal operation if 3D layer absent  Security functions if 3D layer present 3D Security

22  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 22 3D Security Layer – Circuit Level Primitives  Circuit-level primitives for an active monitor (a) Tapping (b) Re-routing(c) Overriding(d) Disabling = 3D layer connections= Signal flow 3D Security

23  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 23 3D Security Layer – Tapping  Tapping sends requested signal to the 3-D control plane Tapping 3D Security

24  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 24 3D Security Layer – Disabling  Disabling effectively blocks the transmission of signals Disabling X 3D Security

25  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 25 3D Security Layer – Disabling  Theoretical 3-D Application: Mutual Trust Shared Bus Protocols Shared L2 $ Core 1 L1 $ Core 0 L1 $ Shared Bus = Post to the 3-D control plane = Signal flow...… 3D Security

26  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 26 3D Security Layer – Re-routing  Re-routing sends requested signals to 3-D plane, and blocks their original transmission Re-routing X 3D Security

27  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 27 3D Security Layer – Re-routing  Theoretical 3-D Application: Crypto Co-processor Standard Execution Pipeline AES 3-D Control Plane 1. Crypto Instruction2. Result Reg File L1 $ Crypto Control Unit Computation Plane RSADES …… …… INST 3D Security

28  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 28 3D Security Layer – Overriding  Overriding blocks transmission of signal, while simultaneously injecting a new value Overriding 3D Security

29  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion  Gate-level primitives 29 3D Security Layer – Gate Level Primitives in out in out in out in out Tapping Rerouting Disabling Overriding 3D Security

30  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 30 3D Security Layer – General Primitive  General primitive 3D Security

31  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 31 3D Security  Area overhead of general primitive(s) DesignArea of design (90nm Library Area Units) 1 General Primitive General Primitives Stage MIPS Pipelined Processor240, % increase 3D Security

32  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 32 Background – Side-Channel Attacks  Access-driven cache attack (Percival 2005) Victim Process Shared Cache Attacker Process 3D Security

33  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 33 3D Security Layer – Example Application  3-D Cache Eviction Monitor  Keep trusted process cache lines locked  Maintain secrecy of the private key 3D Security

34  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 34 3D Security Layer – Example Application  3D Cache Eviction Monitor 3D Security

35  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 35 3D Security Layer – Example Application  Cache Performance 3D Security

36  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 36 Outline  Intro/Motivation -the what  3D Crypto -the why  3D Sec -the how  3D Extensible ISAs -the what else  Conclusion 3D Extensible ISAs

37  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 37 3D Extensible ISAs - Idea  3D layer that implements new instructions  Connects to control unit on existing processor  May have new functional units  Extends the ISA of processor  Allows reuse of fast processor  Examples  Multimedia  Crypto  Other ISAs 3D Extensible ISAs

38  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 38 3D Extensible ISAs - Approach  Use circuit-level primitives  Find hook points  What data does the 3D layer need?  Which signals does the 3D need to change?  Design Control unit with free opcodes  Set aside a set of opcodes as available – NoOPs on base layer  Stall signal (for “asynchronous” execution) 3D Extensible ISAs

39  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 39 Circuit-Level Primitives  Tapping  Rerouting  Overriding 3D Extensible ISAs

40  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 40 Hook Points Read opcode and register addresses (Tap) If opcode isn’t covered: NoOP Route register values if shared with 3-D layer (Reroute) Replace data (Override) 3D Extensible ISAs 3-D instruction module

41  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 41 Control Unit Design  Design Control unit with free opcodes  Set aside a set of opcodes as available  NoOPs on base layer  Ensure they are explicitly defined  Increase writeback mux size 3D Extensible ISAs

42  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 42 Proof-Of-Concept 3D Extensible ISAs

43  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 43 Results  5-stage pipelined CPU  Tested benchmarks for verification and execution time  5-stage + AES core  Tested benchmarks for verification and execution time – matched 5-stage by itself  Insert Crypto instructions in benchmark  AES core executes and writes back correctly 3D Extensible ISAs

44  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 44 3D Extensible ISAs  Area overhead of general primitive(s) DesignArea of design (90nm Library Area Units) 1 General Primitive General Primitives8831 AES core34,870 5-Stage MIPS Pipelined Processor240, % increase 3D Extensible ISAs

45  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 45 Outline  Intro/Motivation -the what  3D Crypto -the why  3D Sec -the how  3D Extensible ISAs -the what else  Conclusion Conclusion

46  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 46 Future Directions  Practical extensions  Sets of general hook points  3DSec applications  3D ISA - heterogeneous architectures  Physical realizations  3DSec chip  Test functions Conclusion

47  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 47 Publications A 3D Split Manufacturing Approach to Trustworthy System Development Jonathan Valamehr, Timothy Sherwood, Ryan Kastner, David Marangoni-Simonsen, Ted Huffmire, Cynthia Irvine, and Timothy Levin. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), Special Section on Three-dimensional Integrated Circuits and Microarchitectures, Vol. 32, No. 4, Pages A 3D Split Manufacturing Approach to Trustworthy System Development A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors Jonathan Valamehr, Ted Huffmire, Cynthia Irvine, Ryan Kastner, Cetin Kaya Koc, Timothy Levin, and Timothy Sherwood. Festschrift Jean- Jacques Quisquater, to appear, D. Naccache, editor, LNCS Nr. 6805, Springer, A Qualitative Security Analysis of a New Class of 3-D Integrated Crypto Co-processors Hardware Assistance for Trustworthy Systems through 3-D Integration Jonathan Valamehr, Mohit Tiwari, and Timothy Sherwood, Ryan Kastner, Ted Huffmire, Cynthia Irvine and Timothy Levin. Proceedings of the Annual Computer Security Applications Conference (ACSAC), December Austin, Texas. Hardware Assistance for Trustworthy Systems through 3-D Integration Hardware Trust Implications of 3-D Integration Ted Huffmire, Timothy Levin, Michael Bilzor, Cynthia Irvine, Jonathan Valamehr, Mohit Tiwari, Timothy Sherwood, and Ryan Kastner. Workshop on Embedded Systems Security (WESS), October Scottsdale, Arizona. Hardware Trust Implications of 3-D Integration Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire, Jonathan Valamehr, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy D. Nguyen, and Cynthia Irvine. Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2008) June Anaheim, CA. Trustworthy System Security through 3-D Integrated Hardware High-Assurance System Support through 3-D Integration Theodore Huffmire, Tim Levin, Cynthia Irvine, Thuy Nguyen, Jonathan Valamehr, Ryan Kastner, and Tim Sherwood. NPS Technical Report NPS-CS , November High-Assurance System Support through 3-D Integration Conclusion

48  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 48 Publications Inspection Resistant Memory Architectures Jonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, Seny Kamara, Vinod Vaikuntanathan, and Timothy Sherwood. IEEE Micro: Micro's Top Picks from Computer Architecture Conferences (IEEE Micro - top pick), May-June Inspection Resistant Memory Architectures Inspection Resistant Memory: Architectural Support for Security from Physical Examination Jonathan Valamehr, Andrew Putnam, Daniel Shumow, Melissa Chase, Seny Kamara, Vinod Vaikuntanathan, and Timothy Sherwood. Proceedings of the International Symposium of Computer Architecture. (ISCA), June Portland, Oregon. Inspection Resistant Memory: Architectural Support for Security from Physical Examination Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security Mohit Tiwari, Jason Oberg, Xun Li, Jonathan Valamehr, Timothy Levin, Ben Hardekopf, Ryan Kastner, Frederic T Chong, and Timothy Sherwood. in Proceedings of the International Symposium of Computer Architecture (ISCA), June San Jose, CA. Crafting a Usable Microkernel, Processor, and I/O System with Strict and Provable Information Flow Security A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow Tags Mohit Tiwari, Banit Agrawal, Shashidhar Mysore, Jonathan Valamehr, and Timothy Sherwood. Proceedings of the International Symposium on Microarchitecture (Micro), November Lake Como, Italy. A Small Cache of Large Ranges: Hardware Methods for Efficiently Searching, Storing, and Updating Big Dataflow Tags Designing Secure Systems on Reconfigurable Hardware Ted Huffmire, Brett Brotherton, Nick Callegari, Jonathan Valamehr, Jeff White, Ryan Kastner, and Tim Sherwood. ACM Transactions on Design Automation of Electronic Systems (TODAES) Vol 13 No 3, July Designing Secure Systems on Reconfigurable Hardware Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Hassan Wassel, Daoxin Dai, Luke Theogarajan, Jennifer Dionne, Mohit Tiwari, Jonathan Valamehr, Frederic Chong, and Timothy Sherwood. IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS) To appear Opportunities and Challenges of using Plasmonic Components in Nanophotonic Architectures Towards Chip-Scale Plasmonic Interconnects Hassan M. G. Wassel, Mohit Tiwari, Jonathan Valamehr, Luke Theogarajan, Jennifer Dionne, Frederic T. Chong, and Timothy Sherwood. Workshop on the Interaction between Nanophotonic Devices and Systems (WINDS) December Atlanta, Georgia. Towards Chip-Scale Plasmonic Interconnects Conclusion

49  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 49 Acknowledgements  Labmates  Committee members  Collaborators at NPS, UCSD, MSR, GA Tech  Janet Kayfetz Conclusion

50  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion  Start up in Palo Alto, CA 50 What’s next? Conclusion

51 3-D Security 51 Thank you!

52  Intro/Motivation  3D Crypto  3D Security  3D Extensible ISAs  Conclusion 52 Thesis Statement  The functionality of a processor can be extended after making minimal changes to its design. We introduce several novel methods of adding security to processors through the use of 3D Integration, resulting in secure processors that retain high performance. Intro/Motivation


Download ppt "Novel Methods of Augmenting High Performance Processors with Security Hardware Jonathan Valamehr PhD Defense, UC Santa Barbara May 7, 2013 Committee: Prof."

Similar presentations


Ads by Google