skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: A Short Survey at the Intersection of Reliability and Security in Processor Architecture Designs
Over the next decade, processor design will encounter a number of challenges. The ongoing miniaturization of semiconductor manufacturing technologies that has enabled the integration of hundreds to thousands of processing cores on a single chip is pushing the limits of physical laws. The fabrication process has also grown more complex and globalized with widespread use of third-party IPs (intellectual properties). This development ecosystem has complicated the security and trust view of processors. Some of the pressing processor architecture design questions are: (1) how to use reconfiguration and redundancy to improve reliability without introducing additional and potentially insecure system states, (2) what analytical models lend themselves best to the joint implementation of reliability and security in these systems, and (3) how to optimally and securely share resources and data among processing elements with high degree of reliability. In this work, we present and discuss (1) principal reliability approaches - error correction code, modular redundancy, (2) processor architecture specific reliability, (3) major secure processor architectures. We also highlight key features of a small representative class of the secure and reliable architectures.  more » « less
Award ID(s):
1745808
PAR ID:
10065464
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Proceedings
ISSN:
2159-3477
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, 2020 IEEE Hardware Oriented Security and Trust (HOST))
    null (Ed.)
    Security specification mining is a relatively new line of research that aims to develop a set of security properties for use during the design validation phase of the hardware life-cycle. Prior work in this field has targeted open-source RISC architectures and relies on access to the register transfer level design, developers’ repositories, bug tracker databases, and email archives. We develop Astarte, a tool for security specification mining of closed source, CISC architectures. As with prior work, we target properties written at the instruction set architecture (ISA) level. We use a full-system fast emulator with a lightweight extension to generate trace data, and we partition the space of security properties on security-critical signals in the architecture to manage complexity. We evaluate the approach for the x86-64 ISA. The Astarte framework produces roughly 1300 properties. Our automated approach produces a categorization that aligns with prior manual efforts. We study two known security flaws in shipped x86/x86-64 processor implementations and show that our set of properties could have revealed the flaws. Our analysis provides insight into those properties that are guaranteed by the ISA, those that are required of the operating system, and those that have become de facto properties by virtue of many operating systems assuming the behavior. 
    more » « less
  2. ; ; ; (, GLSVLSI '20: Proceedings of the 2020 on Great Lakes Symposium on VLSI)
    In this paper, we assess the security and testability of the state-of-the-art design-for-security (DFS) architectures in the presence of scan-chain locking/obfuscation, a group of solution that has previously proposed to restrict unauthorized access to the scan chain. We discuss the key leakage vulnerability in the recently published prior-art DFS architectures. This leakage relies on the potential glitches in the DFS architecture that could lead the adversary to make a leakage condition in the circuit. Also, we demonstrate that the state-of-the-art DFS architectures impose some substantial architectural drawbacks that moderately affect both test flow and design constraints. We propose a new DFS architecture for building a secure scan chain architecture while addressing the potential of key leakage. The proposed architecture allows the designer to perform the structural test with no limitation, enabling an untrusted foundry to utilize the scan chain for manufacturing fault testing without having a need to access the scan chain. Our proposed solution poses negligible limitation/overhead on the test flow, as well as the design criteria. 
    more » « less
  3. ; ; (, Proceedings of the Annual International Symposium on Microarchitecture)
    null (Ed.)
    The performance of persistent applications is severely hurt by current secure processor architectures. Persistent applications use long-latency flush instructions and memory fences to make sure that writes to persistent data reach the persistency domain in a way that is crash consistent. Recently introduced features like Intel's Asynchronous DRAM Refresh (ADR) make the on-chip Write Pending Queue (WPQ) part of the persistency domain and help reduce the penalty of persisting data since data only needs to reach the on-chip WPQ to be considered persistent. However, when persistent applications run on secure processors, for the sake of securing memory many cycles are added to the critical path of their write operations before they ever reach the persistent WPQ, preventing them from fully exploiting the performance advantages of the persistent WPQ. Our goal in this work is to make it feasible for secure persistent applications to benefit more from the on-chip persistency domain. We propose Dolos, an architecture that prioritizes persisting data without sacrificing security in order to gain a significant performance boost for persistent applications. Dolos achieves this goal by an additional minor security unit, Mi-SU, that utilizes a much faster secure process that protects only the WPQ. Thus, the secure operation latency in the critical path of persist operations is reduced and hence persistent transactions can complete earlier. Dolos retains a conventional major security unit for protecting memory that occurs off the critical path after inserting secured data into the WPQ. To evaluate our design, we implemented our architecture in the GEM5 simulator and analyzed the performance of 6 benchmarks from the WHISPER suite. Dolos improves their performance by 1.66x on average. 
    more » « less
  4. (, Proc. 33rd International Conference on Field Programmable Logic and Applications (FPL 2023))
    The dominance of machine learning and the ending of Moore’s law have renewed interests in Processor in Memory (PIM) architectures. This interest has produced several recent proposals to modify an FPGA’s BRAM architecture to form a next-generation PIM reconfigurable fabric [1], [2]. PIM architectures can also be realized within today’s FPGAs as overlays without the need to modify the underlying FPGA architecture. To date, there has been no study to understand the comparative advantages of the two approaches. In this paper, we present a study that explores the comparative advantages between two proposed custom architectures and a PIM overlay running on a commodity FPGA. We created PiCaSO, a Processor in/near Memory Scalable and Fast Overlay architecture as a representative PIM overlay. The results of this study show that the PiCaSO overlay achieves up to 80% of the peak throughput of the custom designs with 2.56× shorter latency and 25% – 43% better BRAM memory utilization efficiency. We then show how several key features of the PiCaSO overlay can be integrated into the custom PIM designs to further improve their throughput by 18%, latency by 19.5%, and memory efficiency by 6.2%. 
    more » « less
  5. (, Virginia Tech Theses)
    Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for real-world deployment. Straightforward mappings of cybersecurity applications onto HPC platforms may significantly underutilize the HPC devices’ capacities. On the other hand, the sophisticated implementations are quite difficult: they require both in-depth understandings of cybersecurity domain-specific characteristics and HPC architecture and system model. In our work, we investigate three sub-areas in cybersecurity, including mobile software security, network security, and system security. They have the following performance issues, respectively: 1) The flow- and context-sensitive static analysis for the large and complex Android APKs are incredibly time-consuming. Existing CPU-only frameworks/tools have to set a timeout threshold to cease the program analysis to trade the precision for performance. 2) Network intrusion detection systems (NIDS) use automata processing as its searching core and requires line-speed processing. However, achieving high-speed automata processing is exceptionally difficult in both algorithm and implementation aspects. 3) It is unclear how the cache configurations impact time-driven cache side-channel attacks’ performance. This question remains open because it is difficult to conduct comparative measurement to study the impacts. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize implementations on various types of HPC for faster and more scalable cybersecurity executions. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the plain GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of Micron’s Automata Processor. To study the cache configurations’ impact on time-driven cache side-channel attacks’ performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email