## A Low-Cost Memory Remapping Scheme for Address Bus Protection Lan Gao\*, Jun Yang§, Marek Chrobak\*, Youtao Zhang§, San Nguyen\*, Hsien-Hsin S. Lee¶ \*University of California, Riverside § University of Pittsburgh ¶Georgia Institute of Technology ## **Outline** - Background & Motivation - > Secure Processor Model - > Address Information Leakage - Previous Address Bus Protection Solutions - > The HIDE Scheme - ➤ The Shuffle Scheme - Our Low-Cost Address Permutation Scheme - Performance Evaluation - Conclusion 3 # **Oblivious Memory Access** - The idea: [Oded Goldreich et al.] - ➤ Replace each memory access by a sequence of redundant accesses - > Satisfactory from a theoretical perspective - Overhead: | | "naive" | "square root" | "hierarchical" | |---------|---------|-----------------------|-----------------------| | Memory | m | $m + 2\sqrt{m}$ | $O(t \cdot \log^2 t)$ | | Runtime | t·m | $O(t \cdot \sqrt{m})$ | $O(t \cdot \log^3 t)$ | - The Idea: break the correlation between repeated addresses [Xiaotong Zhuang et al. ASPLOS 2004] - > Permute the address space at suitable intervals - ➤ Permute blocks within a "chunk" - How: Lock and Permute - ➤ Lock a block in the cache - A new read from memory - A dirty block since last permutation - > Permute a chunk when replacing a locked block 7 ### The Shuffle Buffer - The Idea: dynamic control flow obfuscation [X. Zhuang et al., CASES 2004] - Relocate a block if they appeared on the bus once - \* How: Random Swap - > Any newly read block is inserted into a shuffle buffer - $\succ$ A buffered block is written back to the address of the newly read block - Only read/write access pairs are observed on the address bus ## **Outline** - ❖ Background & Motivation - ➤ Secure Processor Model - > Address Information Leakage - Previous Address Bus Protection Solutions - ➤ The HIDE Scheme - > The Shuffle Scheme - Our Low-Cost Address Permutation Scheme - ❖ Performance Evaluation - Conclusion 15 ### Our Scheme #### Goals: - > Avoid wasteful memory traffic - Eliminate wasteful permutations - Avoid wasteful reads/writes in each permutation - Preserve locality and keep the page fault rate low ### \* How: RR Block Permutation - Permute only on-chip blocks of the same chunk - > Permute only when an RR (Recently Read) block is to be replaced ## Security Strength - Between two permutations, all addresses on the bus are different - ❖ The easiest case: A block being mapped to the n<sup>th</sup> writeback ->(1- $\frac{1}{128}$ )<sup>r-1</sup>× $\frac{1}{128}$ - It becomes more difficult to make a correct guess with these uncertainties: - > No clear indication when a permutation happens - > No fixed set of on-chip blocks that participate in a permutation 22 ### **Outline** - Background & Motivation - > Secure Processor Model - ➤ Address Information Leakage - Previous Address Bus Protection Solutions - ➤ The HIDE Scheme - ➤ The Shuffle Scheme - Our Low-Cost Address Permutation Scheme - Performance Evaluation - Conclusion # **Experiment Environment** - Tools - ➤ Simplescalar Toolset 3.0 - > SPEC2K benchmarks - Configuration - ➤ Cache - Separate L1 I- and D-cache: 8K, 32B line - Integrated L2 Cache: 1M, 32B line - Chunk Size: 8K, 16K, 32K, 64K - ➤ Other Settings - Page Settings: 4KB, perfect LRU repl policy - Perfect auxiliary on-chip storage for all schemes 25 ## Conclusion - Proposed an efficient address permutation scheme to combat the information leakage on the address bus - Tackled two main problems of the previous schemes: - > The excessive memory traffic in the HIDE scheme - > The increased page faults in the Shuffle scheme - Preliminary experiments: - > Reduce the memory traffic in HIDE from 12X to 1.88X - Keep the page fault rate as low as the base settings