TY - GEN
T1 - Distributed Memory Guard
T2 - 58th ACM/IEEE Design Automation Conference, DAC 2021
AU - Dessouky, Ghada
AU - Isakov, Mihailo
AU - Kinsy, Michel A.
AU - Mahmoody, Pouya
AU - Mark, Miguel
AU - Sadeghi, Ahmad Reza
AU - Stapf, Emmanuel
AU - Zeitouni, Shaza
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021/12/5
Y1 - 2021/12/5
N2 - Emerging applications, like cloud services, are demanding more computational power, while also giving rise to various security and privacy challenges. Current multi-/many-core chip designs boost performance by using Networks-on-Chip (NoC) based architectures. Although NoC-based architectures significantly improve communication concurrency, they have thus far lack adequate security mechanisms such as enforceable process isolation. On the other hand, new security-aware architectures that protect applications and sensitive services in isolated execution environments, i.e., enclaves, have not been extended to provide comprehensive protection for NoC platforms. These enclave-based architectures (i) lack secure enclave-device interaction, (ii) cannot include unmodifiable third-party IP, or (iii) provide flexible enclave memory management.To address these design challenges, we introduce a new hardware security primitive, the Distributed Memory Guard, and design the first security architecture that protects sensitive services in NoC-based enclaves. We provide evaluation of this reference architecture and highlight the fact that one can design a scalable (i.e., NoC-based) and secure (i.e., enclave-based) architecture with minimal hardware complexity and system performance overhead.
AB - Emerging applications, like cloud services, are demanding more computational power, while also giving rise to various security and privacy challenges. Current multi-/many-core chip designs boost performance by using Networks-on-Chip (NoC) based architectures. Although NoC-based architectures significantly improve communication concurrency, they have thus far lack adequate security mechanisms such as enforceable process isolation. On the other hand, new security-aware architectures that protect applications and sensitive services in isolated execution environments, i.e., enclaves, have not been extended to provide comprehensive protection for NoC platforms. These enclave-based architectures (i) lack secure enclave-device interaction, (ii) cannot include unmodifiable third-party IP, or (iii) provide flexible enclave memory management.To address these design challenges, we introduce a new hardware security primitive, the Distributed Memory Guard, and design the first security architecture that protects sensitive services in NoC-based enclaves. We provide evaluation of this reference architecture and highlight the fact that one can design a scalable (i.e., NoC-based) and secure (i.e., enclave-based) architecture with minimal hardware complexity and system performance overhead.
KW - Enclave
KW - Memory Protection
KW - Network-on-Chip
KW - Secure Processor Design
UR - http://www.scopus.com/inward/record.url?scp=85119418950&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85119418950&partnerID=8YFLogxK
U2 - 10.1109/DAC18074.2021.9586222
DO - 10.1109/DAC18074.2021.9586222
M3 - Conference contribution
AN - SCOPUS:85119418950
T3 - Proceedings - Design Automation Conference
SP - 985
EP - 990
BT - 2021 58th ACM/IEEE Design Automation Conference, DAC 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 5 December 2021 through 9 December 2021
ER -