11th International Symposium on High-Performance Computer Architecture (2005)
San Francisco, California
Feb. 12, 2005 to Feb. 16, 2005
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HPCA.2005.31
Youtao Zhang , University of Texas at Dallas
Lan Gao , University of California at Riverside
Jun Yang , University of California at Riverside
Xiangyu Zhang , University of Arizona, Tucson
Rajiv Gupta , University of Arizona, Tucson
With the increasing concern of the security on high performance multiprocessor enterprise servers, more and more effort is being invested into defending against various kinds of attacks. This paper proposes a security enhancement model called SENSS, that allows programs to run securely on a symmetric shared memory multiprocessor (SMP) environment. In SENSS, a program, including both code and data, is stored in the shared memory in encrypted form but is decrypted once it is fetched into any of the processors. In contrast to the traditional uniprocessor XOM model, the main challenge in developing SENSS lies in the necessity for guarding the clear text communication between processors in a multiprocessor environment.<div></div> In this paper we propose an inexpensive solution that can effectively protect the shared bus communication. The proposed schemes include both encryption and authentication for bus transactions. We develop a scheme that utilizes the Cipher Block Chaining mode of the advanced encryption standard (CBC-AES) to achieve ultra low latency for the shared bus encryption and decryption. In addition, CBC-AES can generate integrity checking code for the bus communication over time, achieving bus authentication. Further, we develop techniques to ensure the cryptographic computation throughput meets the high bandwidth of gigabyte buses. We performed full system simulation using Simics to measure the overhead of the security features on a SMP system with a snooping write invalidate cache coherence protocol. Overall, only a slight performance degradation of 2.03% on average was observed when the security is provided at the highest level.
J. Yang, Y. Zhang, X. Zhang, R. Gupta and L. Gao, "SENSS: Security Enhancement to Symmetric Shared Memory Multiprocessors," 11th International Symposium on High-Performance Computer Architecture(HPCA), San Francisco, California, 2005, pp. 352-362.