2006 International Conference on Parallel Architectures and Compilation Techniques (PACT) (2006)
Seattle, WA, USA
Sept. 16, 2006 to Sept. 20, 2006
ISBN: 978-1-5090-3022-4
pp: 74-83
Lan Gao, Computer Science and Engineering Department, University of California, Riverside, Riverside, CA 92521
Jun Yang, Computer Science and Engineering Department, University of California, Riverside, Riverside, CA 92521
Marek Chrobak, Computer Science and Engineering Department, University of California, Riverside, Riverside, CA 92521
Youtao Zhang, Computer Science Department, University of Pittsburgh, Pittsburgh, PA 15260
San Nguyen, Computer Science and Engineering Department, University of California, Riverside, Riverside, CA 92521
Hsien-Hsin S. Lee, School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332
ABSTRACT
The address sequence on the processor-memory bus can reveal abundant information about the control flow of a program. This can lead to critical information leakage such as encryption keys or proprietary algorithms. Addresses can be observed by attaching a hardware device to the bus that passively monitors bus transactions. Such side-channel attacks deserve increasing attention, especially in a distributed computing environment, where remote servers running sensitive programs are not within the physical control of the client. Two previously proposed hardware techniques tackled this problem by randomizing address patterns on the bus. One proposal permutes a set of contiguous memory blocks under certain conditions, while the other approach randomly swaps two blocks when necessary. In this paper, we present an anatomy of these attempts and show that they impose great pressure on both the memory and the disk. This leaves them less scalable in high-performance systems where the bandwidth of the bus and memory are critical resources. We propose a lightweight solution that alleviates the pressure without compromising the security strength. The results show that our technique can reduce the memory traffic by a factor of 10 compared with the prior scheme, while keeping almost the same page fault rate as a baseline system with no security protection.
INDEX TERMS
Address Bus Leakage Protection, Secure Processor
CITATION
Lan Gao, Jun Yang, Marek Chrobak, Youtao Zhang, San Nguyen, Hsien-Hsin S. Lee, "A low-cost memory remapping scheme for address bus protection", 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT), vol. 00, no. , pp. 74-83, 2006, doi: