Caches and hash trees for efficient memory integrity verification

Gassend, Blaise; Suh, G. Edward; Clarke, Dwaine; Dijk, Marten van; Devadas, Srinivas

doi:10.1109/hpca.2003.1183547

Cited by 194 publications

(177 citation statements)

References 5 publications

Supporting

Mentioning

177

Contrasting

Order By: Relevance

“…Other types of attacks have also been considered by researchers which we briefly discuss next. Work has been carried out to detect tampering of information stored in off-chip memory [7,5]. The hardware cost of detecting tampering is very high.…”

Section: Related Workmentioning

confidence: 99%

Compiler-Assisted Memory Encryption for Embedded Processors

Nagarajan

Gupta

Krishnaswamy

2009

Transactions on High-Performance Embedded Architectures and Compilers II

View full text Add to dashboard Cite

Abstract. A critical component in the design of secure processors is memory encryption which provides protection for the privacy of code and data stored in off-chip memory. The overhead of the decryption operation that must precede a load requiring an off-chip memory access, decryption being on the critical path, can significantly degrade performance. Recently hardware counter-based one-time pad encryption techniques [11,13,9] have been proposed to reduce this overhead. For highend processors the performance impact of decryption has been successfully limited due to: presence of fairly large on-chip L1 and L2 caches that reduce off-chip accesses; and additional hardware support proposed in [13,9] to reduce decryption latency. However, for low-to medium-end embedded processors the performance degradation is high because first they only support small (if any) on-chip L1 caches thus leading to significant off-chip accesses and second the hardware cost of decryption latency reduction solutions in [13,9] is too high making them unattractive for embedded processors. In this paper we present a compiler-assisted strategy that uses minimal hardware support to reduce the overhead of memory encryption in low-to medium-end embedded processors. Our experiments show that the proposed technique reduces average execution time overhead of memory encryption for low-end (medium-end) embedded processor with 0 KB (32 KB) L1 cache from 60% (13.1%), with single counter, to 12.5% (2.1%) by additionally using only 8 hardware counter-registers.

show abstract

Section: Related Workmentioning

confidence: 99%

Compiler-Assisted Memory Encryption for Embedded Processors

Nagarajan

Gupta

Krishnaswamy

2009

Transactions on High-Performance Embedded Architectures and Compilers II

View full text Add to dashboard Cite

show abstract

“…Gassend et al [24] propose a hash-tree based verification of untrusted external memory, providing a tamper-proof environment for program execution. The hash-tree based verification dramatically increases memory bandwidth requirements (~logN, where N is the memory size).…”

Section: Related Workmentioning

confidence: 99%

“…The use of untrustworthy data for jump target addresses can be prevented by tagging all data coming from untrustworthy channels [21,22]; however, this approach requires relatively complex tracking of spurious data propagation and may produce false alarms. More comprehensive secure architectures that are directly related to this work include execute-only memory (XOM) [1], an architecture for protecting critical secrets in microprocessors [23], an architecture for memory integrity verification [24], a XOM-like architecture with fast one-time-pad encryption [3], an architecture for runtime verification of instruction block signatures [4], and a hardware/software platform for intrusion prevention [9].…”

Section: Related Workmentioning

confidence: 99%

A low overhead hardware technique for software integrity and confidentiality

Rogers

Milenković

2007

2007 25th International Conference on Computer Design

View full text Add to dashboard Cite

show abstract

“…Aegis is the first secure processor to provide integrity verification for normal insecure memory (DRAM). It adopts the efficient memory integrity verification scheme proposed in [28], where the hash tree is cached. However, such optimizations were based on the locality in neighboring memory accesses, and therefore do not work for Path ORAM because Path ORAM shuffles the memory and always accesses random locations throughout the entire memory.…”

Section: Related Workmentioning

confidence: 99%