Show simple item record

Design Strategies for Efficient and Secure Memory

dc.contributor.advisor Lee, Benjamin C.
dc.contributor.advisor Hilton, Andrew D.
dc.contributor.author Lehman, Tamara Silbergleit
dc.date.accessioned 2019-06-07T19:48:42Z
dc.date.available 2019-06-07T19:48:42Z
dc.date.issued 2019
dc.identifier.uri https://hdl.handle.net/10161/18719
dc.description Dissertation
dc.description.abstract <p>Recent computing trends force users to relinquish physical control to unknown parties, making the system vulnerable to physical attacks. Software alone is not well equipped to protect against physical attacks. Instead software and hardware have to enforce security in collaboration to defend against physical attacks. Many secure processor implementations have surfaced over the last two decades (i.e. Intel SGX, ARM Trustzone) but inefficiencies are hindering their adoption. </p><p>Secure processors use secure memory to detect and guard against physical attacks. Secure memory assumes that everything within the chip boundary is trusted and provides confidentiality and integrity verification for data in memory. Both of these features, confidentiality and integrity, require large metadata structures which are</p><p>stored in memory. When a system equipped with secure memory misses at the last-level-cache (LLC), the memory controller has to issue additional memory requests to fetch the corresponding metadata from memory. These additional memory requests increase delay and energy. The main goal of this dissertation is to reduce overheads of secure memory in two dimensions: delay and energy. </p><p>First, to reduce the delay overhead we propose the first safe speculative integrity verification mechanism, PoisonIvy, that effectively hides the integrity verification latency while maintaining security guarantees. Secure memory has high delay overheads due to the long integrity verification latency. Speculation allows the system to return decrypted data back to the processor before the integrity verification completes, effectively removing the integrity verification latency from the critical path of a memory access. However, speculation without any other mechanism to safeguard security is unsafe. PoisonIvy safeguards security guarantees by preventing any effect of unverified data from leaving the trusted boundary. PoisonIvy is able to realize all the benefits of speculative integrity verification while maintaining the same security guarantees as the non-speculative system. </p><p>Speculation is effective in reducing delay overhead but it has no effect on reducing the number of additional memory accesses, which cause large energy overhead. Secure memory metadata has unique memory access patterns that are not compatible with traditional cache designs. In the second part of this work, we provide the first in-depth study of metadata access patterns, MAPS, to help guide architects design more efficient cache architectures customized for secure memory metadata. Based on the unique characteristics of secure memory metadata observed in the in-depth analysis, in the third part of this work we explore the design space of efficient</p><p>cache designs. We describe one possible design, Metadata Cache eXtension (MCX), which exploits the bimodal reuse distance distribution of metadata blocks to improve the cache efficiency thereby reducing the number of additional memory accesses. We</p><p>also explore an LLC eviction policy suitable to handle multiple types of blocks to improve the efficiency of caching metadata blocks on-chip further.</p>
dc.subject Computer engineering
dc.subject Computer science
dc.subject Computer architecture
dc.subject Computer security
dc.subject Memory system
dc.subject Secure hardware
dc.subject Secure memory
dc.subject Secure processor
dc.title Design Strategies for Efficient and Secure Memory
dc.type Dissertation
dc.department Electrical and Computer Engineering


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record