TY - GEN
T1 - Operating system controlled processor-memory bus encryption
AU - Chen, Xi
AU - Dick, Robert P.
AU - Choudhary, Alok
PY - 2008
Y1 - 2008
N2 - Unencrypted data appearing on the processor-memory bus can result in security violations, e.g., allowing attackers to gather keys to financial accounts and personal data. Although on-chip bus encryption hardware can solve this problem, it requires hardware redesign or increases processor cost. Application redesign to prevent sensitive data from appearing on the processor-memory bus is extremely difficult. We propose and evaluate a processor-memory bus encryption technique for embedded systems that requires no changes to applications or hardware. This technique exploits cache locking or scratchpad memory, features present in many embedded processors, permitting the operating system (OS) virtual memory infrastructure to automatically encrypt data belonging to protected processes as they are written to off-chip memory. Pages belonging to unprotected processes are stored unencrypted to prevent performance and energy consumption penalties. We evaluate the proposed bus encryption technique using full system simulation. Experimental results indicate that it is possible to prevent the working data sets of processes from appearing on the processor-memory bus in plaintext, without using dedicated hardware and without changing applications. The OS-based technique results in 1.37× slowdown for protected processes for processors with 512KB of L2 cache and 1.78× slowdown for processors with 256KB of L2 cache. There are negligible performance penalties for unprotected processes.
UR - http://www.scopus.com/inward/record.url?scp=49749120575&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=49749120575&partnerID=8YFLogxK
U2 - 10.1109/DATE.2008.4484834
DO - 10.1109/DATE.2008.4484834
M3 - Conference contribution
AN - SCOPUS:49749120575
SN - 9783981080
SN - 9789783981089
T3 - Proceedings - Design, Automation and Test in Europe, DATE
SP - 1154
EP - 1159
BT - Design, Automation and Test in Europe, DATE 2008
T2 - Design, Automation and Test in Europe, DATE 2008
Y2 - 10 March 2008 through 14 March 2008
ER -