当前位置:
X-MOL 学术
›
IEEE J. Solid-State Circuits
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Jintide: Utilizing Low-Cost Reconfigurable External Monitors to Substantially Enhance Hardware Security of Large-Scale CPU Clusters
IEEE Journal of Solid-State Circuits ( IF 5.4 ) Pub Date : 2021-03-02 , DOI: 10.1109/jssc.2021.3058551 Jianfeng Zhu , Ao Luo , Guanhua Li , Bowei Zhang , Yong Wang , Gang Shan , Yi Li , Jianfeng Pan , Chenchen Deng , Shouyi Yin , Shaojun Wei , Leibo Liu
IEEE Journal of Solid-State Circuits ( IF 5.4 ) Pub Date : 2021-03-02 , DOI: 10.1109/jssc.2021.3058551 Jianfeng Zhu , Ao Luo , Guanhua Li , Bowei Zhang , Yong Wang , Gang Shan , Yi Li , Jianfeng Pan , Chenchen Deng , Shouyi Yin , Shaojun Wei , Leibo Liu
Nowadays, hardware security has become a serious concern for modern CPUs. State-of-the-art detection approaches rely heavily on trustworthy and intimate internal states, incurring significant design/operation overheads and additional risks to security and intellectual property. This article proposes an architecture called Jintide, which utilizes trusted external monitors to validate an untrusted CPU chip at runtime. This architecture records, replays, and analyzes the CPU’s IO and memory behavior with the architectural states. The Jintide simultaneously verifies whether the records are correctly replayed with the instruction set architecture and whether the records involve malicious behavior. Consequently, not only architectural but also micro-architectural threats can be detected. The Jintide adopts the states from the untrusted source because it has a built-in function to detect spurious states. The monitors comprise three types of chips (with 28-/40-nm TSMC technology): a tracer chip to record the behavior of IO ports, multiple tracer chips to record the behavior of DDR4 DIMMs, and a reconfigurable chip to verify these records with software states. As runtime external monitors, the Jintide would be especially suitable to constitute distributed large-scale clusters, which can amortize operation overheads. This scheme is effective in detecting pervasive hardware security issues, including vulnerabilities, backdoors, and hardware Trojans. The measured results show that a system composed of 300 000 Jintide CPUs containing Intel Xeon Skylake processors can detect over 99.8% of recognizable attacks at the cost of 0.98% performance loss. Hence, the Jintide is an extensible, low-cost, and effective solution to improve the hardware security of large-scale CPU clusters.
中文翻译:
金泰德:利用低成本可重构外部监视器大幅提升大规模CPU集群的硬件安全性
如今,硬件安全已成为现代 CPU 的一个严重问题。最先进的检测方法在很大程度上依赖于可信赖和私密的内部状态,会产生大量的设计/操作开销以及额外的安全和知识产权风险。本文提出了一种名为 Jintide 的架构,它利用受信任的外部监视器在运行时验证不受信任的 CPU 芯片。该架构使用架构状态记录、重放和分析 CPU 的 IO 和内存行为。金泰德同时通过指令集架构验证记录是否正确重放,记录是否涉及恶意行为。因此,不仅可以检测到架构威胁,还可以检测到微架构威胁。Jintide 采用来自不可信来源的状态,因为它具有检测虚假状态的内置功能。监视器包括三种类型的芯片(采用 28-/40-nm TSMC 技术):用于记录 IO 端口行为的跟踪器芯片、用于记录 DDR4 DIMM 行为的多个跟踪器芯片以及用于验证这些记录的可重构芯片软件状态。作为运行时外部监视器,金泰德特别适合构成分布式的大规模集群,可以分摊操作开销。该方案可有效检测普遍存在的硬件安全问题,包括漏洞、后门和硬件木马。实测结果表明,一个由 300 000 个包含 Intel Xeon Skylake 处理器的 Jintide CPU 组成的系统可以以 0 为代价检测超过 99.8% 的可识别攻击。98% 的性能损失。因此,Jintide 是一种可扩展的、低成本的、有效的提高大规模 CPU 集群硬件安全性的解决方案。
更新日期:2021-03-02
中文翻译:
金泰德:利用低成本可重构外部监视器大幅提升大规模CPU集群的硬件安全性
如今,硬件安全已成为现代 CPU 的一个严重问题。最先进的检测方法在很大程度上依赖于可信赖和私密的内部状态,会产生大量的设计/操作开销以及额外的安全和知识产权风险。本文提出了一种名为 Jintide 的架构,它利用受信任的外部监视器在运行时验证不受信任的 CPU 芯片。该架构使用架构状态记录、重放和分析 CPU 的 IO 和内存行为。金泰德同时通过指令集架构验证记录是否正确重放,记录是否涉及恶意行为。因此,不仅可以检测到架构威胁,还可以检测到微架构威胁。Jintide 采用来自不可信来源的状态,因为它具有检测虚假状态的内置功能。监视器包括三种类型的芯片(采用 28-/40-nm TSMC 技术):用于记录 IO 端口行为的跟踪器芯片、用于记录 DDR4 DIMM 行为的多个跟踪器芯片以及用于验证这些记录的可重构芯片软件状态。作为运行时外部监视器,金泰德特别适合构成分布式的大规模集群,可以分摊操作开销。该方案可有效检测普遍存在的硬件安全问题,包括漏洞、后门和硬件木马。实测结果表明,一个由 300 000 个包含 Intel Xeon Skylake 处理器的 Jintide CPU 组成的系统可以以 0 为代价检测超过 99.8% 的可识别攻击。98% 的性能损失。因此,Jintide 是一种可扩展的、低成本的、有效的提高大规模 CPU 集群硬件安全性的解决方案。
京公网安备 11010802027423号