An Analysis of Secure Processor Architectures

Chhabra, Siddhartha; Solihin, Yan; Lal, Reshma; Hoekstra, Matthew

doi:10.1007/978-3-642-11389-5_6

Cited by 7 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software schemes [3,13,27,45,52,57] to improve security typically have unacceptably high performance overheads. Hardware schemes [11,23,28,31,32,36,37,47] are slow to react to new attacks, and can be rendered ineffective if limitations in their fixed functionality can be exploited. We want to provide a system that can avoid the shortcomings of each.…”

Section: Requirementsmentioning

confidence: 99%

“…These are particularly amenable to use of decoupled hardware that is allowed to observe the execution stream [51]. Other policies exist for providing security guarantees [23], which may also be offloaded to similar hardware, but these are beyond the scope of this paper.…”

Section: Security Detectionmentioning

confidence: 99%

“…Enforcing security properites in hardware is a tempting proposition [11,23,28,31,32,36,37,47]. However, fixedfunction hardware is limited in utility if an attacker can simply change their targets to components without protection, or design software to deliberately circumvent the defences.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The Guardian Council

Ainsworth

Jones

2020

Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Syste

View full text Add to dashboard Cite

Systems security is becoming more challenging in the face of untrusted programs and system users. Safeguards against attacks currently in use, such as buffer overflows, control-flow integrity, side channels and malware, are limited. Software protection schemes, while flexible, are often too expensive, and hardware schemes, while fast, are too constrained or out-of-date to be practical.We demonstrate the best of both worlds with the Guardian Council, a novel parallel architecture to enforce a wide range of highly customisable and diverse security policies. We leverage heterogeneity and parallelism in the design of our system to perform security enforcement for a large highperformance core on a set of small microcontroller-sized cores. These Guardian Processing Elements (GPEs) are many orders of magnitude more efficient than conventional outof-order superscalar processors, bringing high-performance security at very low power and area overheads. Alongside these highly parallel cores we provide fixed-function logging and communication units, and a powerful programming model, as part of an architecture designed for security.Evaluation on a range of existing hardware and software protection mechanisms, reimplemented on the Guardian Council, demonstrates the flexibility of our approach with negligible overheads, out-performing prior work in the literature. For instance, 4 GPEs can provide forward control-flow integrity with 0% overhead, while 6 GPEs can provide a full shadow stack at only 2%.

show abstract

Section: Requirementsmentioning

confidence: 99%

Section: Security Detectionmentioning

confidence: 99%

See 1 more Smart Citation

The Guardian Council

Ainsworth

Jones

2020

Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Syste

View full text Add to dashboard Cite

show abstract

“…Secure Processors -In secure processor architectures (Lie et al, 2000;Suh et al, 2003b;Chhabra et al, 2010), data is kept in the main RAM memory in encrypted form: it is decrypted only within the secure processor when needed, then it is re-encrypted when it is written back to memory. Therefore, a physical attack aiming at spying on the traffic on the bus would only manage to see encrypted data.…”

Section: Related Workmentioning

confidence: 99%

“…Assuming a strong cipher such as AES-128 (AES, 2001), implemented in CBC mode, and a 32-bit data bus used to transfer a 64-byte data block, the overall encryption and decryption operation delays have been measured to be 97 and 141 CPU cycles, respectively (Szefer et al, 2011b). Therefore, given the above assumptions, the average number of cache misses CM, the CPU clock frequency CPU f req and the average execution time time AV , then the percentage encryption overhead of the XOM-type architectures (Lie et al, 2000;Chhabra et al, 2010), can be roughly estimated as:…”

Section: Validationmentioning

confidence: 99%

Confidential Execution of Cloud Services

Cucinotta

Cherubini²,

Jul

2014

Proceedings of the 4th International Conference on Cloud Computing and Services Science

View full text Add to dashboard Cite

In this paper, we present Confidential Domain of Execution (CDE), a mechanism for achieving confidential execution of software in an otherwise untrusted environment, e.g., at a Cloud Service Provider. This is achieved by using an isolated execution environment in which any communication with the outside untrusted world is forcibly encrypted by trusted hardware. The mechanism can be useful to overcome the challenging issues in guaranteeing confidential execution in virtualized infrastructures, including cloud computing and virtualized network functions, among other scenarios. Moreover, the proposed mechanism does not suffer from the performance drawbacks typical of other solutions proposed for secure computing, as highlighted by the presented novel validation results.

show abstract

Advancing Personalized Federated Learning: Group Privacy, Fairness, and Beyond

Galli,

Jung,

Biswas

et al. 2023

SN COMPUT. SCI.

View full text Add to dashboard Cite

Federated learning (FL) is a framework for training machine learning models in a distributed and collaborative manner. During training, a set of participating clients process their data stored locally, sharing only updates of the statistical model’s parameters obtained by minimizing a cost function over their local inputs. FL was proposed as a stepping-stone towards privacy-preserving machine learning, but it has been shown to expose clients to issues such as leakage of private information, lack of personalization of the model, and the possibility of having a trained model that is fairer to some groups of clients than to others. In this paper, the focus is on addressing the triadic interaction among personalization, privacy guarantees, and fairness attained by trained models within the FL framework. Differential privacy and its variants have been studied and applied as cutting-edge standards for providing formal privacy guarantees. However, clients in FL often hold very diverse datasets representing heterogeneous communities, making it important to protect their sensitive and personal information while still ensuring that the trained model upholds the aspect of fairness for the users. To attain this objective, a method is put forth that introduces group privacy assurances through the utilization of d-privacy (aka metric privacy). d-privacy represents a localized form of differential privacy that relies on a metric-oriented obfuscation approach to maintain the original data’s topological distribution. This method, besides enabling personalized model training in a federated approach and providing formal privacy guarantees, possesses significantly better group fairness measured under a variety of standard metrics than a global model trained within a classical FL template. Theoretical justifications for the applicability are provided, as well as experimental validation on real-world datasets to illustrate the working of the proposed method.

show abstract

An Analysis of Secure Processor Architectures

Cited by 7 publications

References 12 publications

The Guardian Council

The Guardian Council

Confidential Execution of Cloud Services

Advancing Personalized Federated Learning: Group Privacy, Fairness, and Beyond

Contact Info

Product

Resources

About