TY - GEN
T1 - Detecting/preventing information leakage on the memory bus due to malicious hardware
AU - Das, Abhishek
AU - Memik, Gokhan
AU - Zambreno, Joseph
AU - Choudhary, Alok Nidhi
PY - 2010
Y1 - 2010
N2 - An increasing concern amongst designers and integrators of military and defense-related systems is the underlying security of the individual microprocessor components that make up these systems. Malicious circuitry can be inserted and hidden at several stages of the design process through the use of third-party Intellectual Property (IP), design tools, and manufacturing facilities. Such hardware Trojan circuitry has been shown to be capable of shutting down the main processor after a random number of cycles, broadcasting sensitive information over the bus, and bypassing software authentication mechanisms. In this work, we propose an architecture that can prevent information leakage due to such malicious hardware. Our technique is based on guaranteeing certain behavior in the memory system, which will be checked at an external guardian core that "approves" each memory request. By sitting between off-chip memory and the main core, the guardian core can monitor bus activity and verify the compiler-defined correctness of all memory writes. Experimental results on a conventional x86 platform demonstrate that application binaries can be statically reinstrumented to coordinate with the guardian core to monitor offchip access, resulting in less than 60% overhead for the majority of the studied benchmarks.
AB - An increasing concern amongst designers and integrators of military and defense-related systems is the underlying security of the individual microprocessor components that make up these systems. Malicious circuitry can be inserted and hidden at several stages of the design process through the use of third-party Intellectual Property (IP), design tools, and manufacturing facilities. Such hardware Trojan circuitry has been shown to be capable of shutting down the main processor after a random number of cycles, broadcasting sensitive information over the bus, and bypassing software authentication mechanisms. In this work, we propose an architecture that can prevent information leakage due to such malicious hardware. Our technique is based on guaranteeing certain behavior in the memory system, which will be checked at an external guardian core that "approves" each memory request. By sitting between off-chip memory and the main core, the guardian core can monitor bus activity and verify the compiler-defined correctness of all memory writes. Experimental results on a conventional x86 platform demonstrate that application binaries can be statically reinstrumented to coordinate with the guardian core to monitor offchip access, resulting in less than 60% overhead for the majority of the studied benchmarks.
UR - http://www.scopus.com/inward/record.url?scp=77953115730&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77953115730&partnerID=8YFLogxK
U2 - 10.1109/date.2010.5456930
DO - 10.1109/date.2010.5456930
M3 - Conference contribution
AN - SCOPUS:77953115730
SN - 9783981080162
T3 - Proceedings -Design, Automation and Test in Europe, DATE
SP - 861
EP - 866
BT - DATE 10 - Design, Automation and Test in Europe
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - Design, Automation and Test in Europe Conference and Exhibition, DATE 2010
Y2 - 8 March 2010 through 12 March 2010
ER -