The Guardian Council: Parallel programmable hardware security
International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS
Ainsworth, S., & Jones, T. M. (2020). The Guardian Council: Parallel programmable hardware security. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, 1277-1293. https://doi.org/10.1145/3373376.3378463
Systems security is becoming more challenging in the face of untrusted programs and system users. Safeguards against attacks currently in use, such as buffer overflows, control-flow integrity, side channels and malware, are limited. Software protection schemes, while flexible, are often too expensive, and hardware schemes, while fast, are too constrained or out-of-date to be practical. We demonstrate the best of both worlds with the Guardian Council, a novel parallel architecture to enforce a wide range of highly customisable and diverse security policies. We leverage heterogeneity and parallelism in the design of our system to perform security enforcement for a large high-performance core on a set of small microcontroller-sized cores. These Guardian Processing Elements (GPEs) are many orders of magnitude more efficient than conventional out-of-order superscalar processors, bringing high-performance security at very low power and area overheads. Alongside these highly parallel cores we provide fixed-function logging and communication units, and a powerful programming model, as part of an architecture designed for security. Evaluation on a range of existing hardware and software protection mechanisms, reimplemented on the Guardian Council, across the SPEC CPU 2006 benchmarks demonstrates the flexibility of our approach with negligible overheads, out-performing prior work in the literature. For instance, 4 GPEs can provide forward control-flow integrity with 0% overhead, while 6 GPEs can provide a full shadow stack at only 2%.
External DOI: https://doi.org/10.1145/3373376.3378463
This record's URL: https://www.repository.cam.ac.uk/handle/1810/301699
All rights reserved