architecture)level,security,issues,, for,main,memory,cs7936/files/security-seminar.pdf · pcm is...
TRANSCRIPT
Architecture-‐level Security Issues for main memory
Ali Shafiee
Aganda
• Replay-‐A;ack – (bonsai) merkle tree
• NVM challenages – Endurance – stealing
• Side-‐channel A;ack due to resource sharing – Time channel a;ack – Covert channel a;ak
• Memory address ObfuscaGon
Why Memory?
• Secure CPU can protect computaGon • Memory is passive, on the criGcal path, and power hungry!
Replay A;ack • Secret Key-‐Based EncrypGon is not enough • We need unique seed per block per access.
Challenge
• One global Counter – Need to update the enGre memory!
• One on-‐chip counter per cache line – 4B counter – Occupy so much space!
• SoluGon – Small counter per line – Store in-‐memory – Log(n) access / o(1) on-‐chip storage
Bonsai Merkle Tree (I)
Assign New LPID on any block counter overflow
Bonsai Merkle Tree(II)
Non-‐VolaGle Memory (NVM)
PCM is resistive memory: High resistance (0), Low resistance (1) PCM cell can be switched between states reliably and quickly
Stealing An NVM DIMM!
• 158 hard disks from eBay (2003) – 74% contained old data – Only 9% properly saniGzed
• Stolen smart Phone! • i-‐NVMM
– Working set is kept un-‐encrypted – Data predicted as not in working set àencrypt – In turn off à encrypt all un-‐encrypted data
Endurance
• No more than 100 Million write!
DEUCE
Resource Sharing
Core 0
$
Core 1
$ Bus
Memory 0
1 1
0
1
0 0
1
0 100 200 300 400 500 600 700 800 900
0 20000 40000 60000 80000 100000 120000
Mem
ory Re
quests per
5000 cycles
Time (cycle)
SD 0 SD 1
Branch-‐predictor, on-‐chip network, Cache, memory controller
Temporal ParGGoning
• Each core has a slot to access memory • Each core has its own queue
DRAM Time Slots Time SD 0 SD 1 SD N
Turn
SD 0 Arbiter
TransacGon Scheduler
SD 0
SD 1 Arbiter
SD 1
Bank 0 Bank 1 Bank 2 Bank 3
Oblivious RAM
14
CPU(LLC)
On-chip ORAMController DRAM
(op, addr, data) Write a0 d0 Read a0 Read a1 Read a0
Obfuscated addr & ciphertext: Read a_#+> %&X … Write a_=^+ #$@ …
• Encrypted computaGon using secure processor
• Oblivious remote storage, secure computaGon, etc.
Path ORAM • PosiGon Map: map each block to a random path • Invariant: if a block is mapped to a path, it must be on that path
root
path 0 1 2 3
Block Path B0 0
B1 3
B2 3
B3 0
B4 1
Posi?on Map (B0, 0)
(B3, 0)
(B2, 3)
(B1, 3)
ORAM controller DRAM
dummy dummy dummy
15
Path ORAM OperaGon • Access Block 1
– Read all blocks on path 3 – Remap B1 to a new random path – Write as many blocks as possible back to path 3 (keep the invariant)
root
path 0 1 2 3
Block Path B0 0
B1 3
B2 3
B3 0
B4 1
Posi?on Map (B0, 0)
(B3, 0)
(B2, 3)
(B1, 3)
(B1, 1)
ORAM controller DRAM
dummy dummy dummy
dummy
16
X 1
• Underlying ORAM + Recursion Recursive ORAM
17
Block Pos
N …
N+1 …
… …
N+N/X-‐1 …
Block Pos
0 92
1 35
2 …
… …
N-‐1 …
Data ORAM
PosMap ORAM
PosMap ORAM
Block Pos
… …
… …
... …
Freecursive ORAM
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1)
Block 𝑁
• Background on Path ORAM • Our three improvements
– Idea 1: Cache PosMap ORAM + Security Fix
Outline
18
Data ORAM
PosMap ORAM
PosMap ORAM
Block Pos
… …
Input address 𝑎
𝑃𝑜𝑠(𝑎[ℎ𝑖𝑔ℎ])
PosMap block 1 PosMap block 2
Block 𝑎
recursive ORAM access ≈ page table walk!
≈ virtual address ≈ CR3 On-‐chip
PosMap
𝑃𝑜𝑠(𝑎)
≈ mul?-‐level page table
Recursive ORAM Access
19
Block Pos
N Pos(N)
N+1 …
… …
𝑃𝑜𝑠(𝑁)
Request for Block 0
𝑃𝑜𝑠(0)
Block 0
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
Block 𝑁
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1) Block 𝑁
Data ORAM
PosMap ORAM
Secure processor
External memory
On-‐chip PosMap
Cache PosMap
20
𝑃𝑜𝑠(𝑁)
Request for Block 0
𝑃𝑜𝑠(0)
Block 0
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
Block 𝑁
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1) Block 𝑁
Data ORAM
PosMap ORAM
Secure processor
External memory
PLBcache recent
PosMap blocksBlock Pos
N Pos(N)
N+1 …
… …
On-‐chip PosMap
Cache PosMap
21
Request for Block 0 Request for Block 1
𝑃𝑜𝑠(1)
Block 1
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
Block 𝑁
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1) Block 𝑁
Data ORAM
PosMap ORAM
Secure processor
External memory
PLBcache recent
PosMap blocks
PLB Hit/Miss depends on access paVern!
Block Pos
N Pos(N)
N+1 …
… …
On-‐chip PosMap
Security Fix: Unified ORAM
22
Request for Block 0
𝑃𝑜𝑠(𝑁) Block 𝑁
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1)
ORAM for Data & PosMap
Secure processor
External memory
PLBcache recent
PosMap blocks
Block 𝑁
Block Pos
N Pos(N)
N+1 …
… …
On-‐chip PosMap
Security Fix: Unified ORAM
23
Request for Block 0
𝑃𝑜𝑠(0) Block 0
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1)
ORAM for Data & PosMap
Secure processor
External memory
PLBcache recent
PosMap blocks
Block 𝑁
Block 𝑁
Block Pos
N Pos(N)
N+1 …
… …
On-‐chip PosMap
Security Fix: Unified ORAM
24
𝑃𝑜𝑠(1) Block 1
Block Pos
0 Pos(0)
1 Pos(1)
2 …
… …
N-‐1 …
𝑃𝑜𝑠(0), 𝑃𝑜𝑠(1),⋯,𝑃𝑜𝑠(𝑋−1)
ORAM for Data & PosMap
Secure processor
External memory
PLBcache recent
PosMap blocks
Block 𝑁
Block 𝑁
Request for Block 0 Request for Block 1
Total # of ORAM accesses: small leakage
Block Pos
N Pos(N)
N+1 …
… …
On-‐chip PosMap