Show simple item record

dc.contributor.authorAinsworth, Samen
dc.contributor.authorJones, Timothy M.en
dc.date.accessioned2020-02-04T00:31:33Z
dc.date.available2020-02-04T00:31:33Z
dc.date.issued2020-03-09en
dc.identifier.isbn9781450371025en
dc.identifier.urihttps://www.repository.cam.ac.uk/handle/1810/301699
dc.description.abstractSystems security is becoming more challenging in the face of untrusted programs and system users. Safeguards against attacks currently in use, such as buffer overflows, control-flow integrity, side channels and malware, are limited. Software protection schemes, while flexible, are often too expensive, and hardware schemes, while fast, are too constrained or out-of-date to be practical. We demonstrate the best of both worlds with the Guardian Council, a novel parallel architecture to enforce a wide range of highly customisable and diverse security policies. We leverage heterogeneity and parallelism in the design of our system to perform security enforcement for a large high-performance core on a set of small microcontroller-sized cores. These Guardian Processing Elements (GPEs) are many orders of magnitude more efficient than conventional out-of-order superscalar processors, bringing high-performance security at very low power and area overheads. Alongside these highly parallel cores we provide fixed-function logging and communication units, and a powerful programming model, as part of an architecture designed for security. Evaluation on a range of existing hardware and software protection mechanisms, reimplemented on the Guardian Council, across the SPEC CPU 2006 benchmarks demonstrates the flexibility of our approach with negligible overheads, out-performing prior work in the literature. For instance, 4 GPEs can provide forward control-flow integrity with 0% overhead, while 6 GPEs can provide a full shadow stack at only 2%.
dc.description.sponsorshipArm Ltd
dc.rightsAll rights reserved
dc.rights.uri
dc.titleThe Guardian Council: Parallel programmable hardware securityen
dc.typeConference Object
prism.endingPage1293
prism.publicationDate2020en
prism.publicationNameInternational Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOSen
prism.startingPage1277
dc.identifier.doi10.17863/CAM.48770
dcterms.dateAccepted2019-11-11en
rioxxterms.versionofrecord10.1145/3373376.3378463en
rioxxterms.versionAM
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserveden
rioxxterms.licenseref.startdate2020-03-09en
dc.contributor.orcidAinsworth, Sam [0000-0002-3726-0055]
dc.contributor.orcidJones, Timothy M. [0000-0002-4114-7661]
rioxxterms.typeConference Paper/Proceeding/Abstracten
pubs.funder-project-idEPSRC (1510365)
pubs.funder-project-idEPSRC (EP/K026399/1)
pubs.funder-project-idEPSRC (EP/P020011/1)
pubs.funder-project-idEPSRC (EP/M506485/1)
cam.orpheus.successThu Nov 05 11:55:48 GMT 2020 - Embargo updated*
rioxxterms.freetoread.startdate2021-03-09


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record