TC: Large: Collaborative Research: 3Dsec: Trustworthy System Security through 3-D Integrated Hardware [proposal] by Huffmire, Ted et al.
Calhoun: The NPS Institutional Archive
Faculty and Researcher Publications
2008
Ted Huffmire (PI), Cynthia Irvine (Co-PI), Timothy Sherwood (PI), and Ryan Kastner (PI), TC: Large: Collaborative Research: 3Dsec: Trustworthy System Security through 3-D Integrated Hardware. Grant Proposal, Proposal No. 0910734, Solicitation No. 08-578, Trustworthy Computing (TC) Program, Division of Computer and Network Systems (CNS), National Science Foundation (NSF), 25 November 2008.
http://hdl.handle.net/10945/36687
A TC: Large: Collaborative Research: 3Dsec: Trustworthy System Security through 3-D Integrated Hardware: Project Summary
While hardware resources, in the form of both transistors and full microprocessor cores, are now abundant, economic factors prevent specialized hardware mechanisms, required for secure processing, from being integrated into commodity parts. The Information Assurance community is caught between the need to exploit cheap, fast, commodity microprocessors and the need to ensure that critical security properties hold (isolation, separation, etc.). For example, multi-core processors, due to their wide adoption, impressive performance, and low cost, are very attractive platforms for computation. Unfortunately, highly secure, isolated processing of sensitive information on such platforms could be extremely difficult to achieve due to extensive resource sharing and the lack of strong security primitives.
We intend to explore a novel way to augment commodity hardware after fabrication to enhance secure operation for only those systems that require it. We propose that commodity integrated circuits, with minor modifications, could be enhanced with a separate silicon layer, stacked using 3-D integration, for security. A separate layer allows us to decouple the function and economics of policy enforcement mechanisms from the underlying computing hardware. This work represents a significant new collaboration that cuts across all levels of the system stack, from the application software, through the run-time systems, the computer architecture, down to the level of circuits and packaging – a cross-level problem for which our interdisciplinary team is uniquely suited. We plan to identify a minimal and implementable set of critical circuit-level capabilities that can be judiciously controlled by the architecture and software layers to significantly assist in reducing software complexity and vulnerabilities.
In this proposal we describe the core technical method by which hardware can be augmented for security (3-D integration), and we argue that this could require very minimal changes to the host layer (with early estimates pointing to increases in area significantly below even 1%). We plan to explore many different ways in which this newfound hardware malleability could be applied, from strong isolation of cores to auditing and object reuse, but as a preliminary study we describe an initial architecture and performance analysis of a 3-D layer to eliminate cache-based side channels by re-routing signals from the host computation layer through a specialized cache manager in the control plane.
Broader Impact: This research introduces a fundamentally new method by which security mechanisms can be incorporated into hardware and has the potential to significantly shift the economics of trustworthy systems. In addition, the proposed research has a broader impact through its collaborative and educational activities. Its integrated research plan will extend the newly-initiated academic partnership between UC Santa Barbara, UC San Diego, and the Naval Postgraduate School. Graduate and undergraduate student research associates will transfer knowledge to future teachers, researchers and Information Assurance professionals. Finally, the project’s publications will encourage the embedded and hardware design community to consider security as a first class design factor in their research, publications, and teaching.
Intellectual Merit: The proposed research will combine novel security management techniques built around fundamentally new hardware abilities enabled by 3-D integration. The current trends of building trustworthy systems atop increasingly complex and less well understood hardware make such systems increasingly costly to deploy and maintain. We anticipate that our research will answer important open problems in security, implementable through advances in the circuits, architectures, and software. The results of this research will be applicable to a wide variety of platforms ranging from embedded systems and network appliances to mobile computing devices and large servers.
Key Words: 3-D circuit, reference monitor, computer security, audit
C TC: Large: Collaborative Research: 3Dsec: Trustworthy System Security through 3-D Integrated Hardware: Project Description
C.1 Introduction
The designers of trustworthy systems built using off-the-shelf components, such as those based on micro-kernels and virtual machine monitors, often find the underlying hardware insufficient to support the desired separation, isolation, and protection. Further exacerbating this problem is the fact that new stateful features are constantly being added that, while not defined as part of the instruction set architecture (ISA), can often serve as springboards for further exploitation by adversaries. While hardware resources are now fairly abundant, security functionality is rarely considered a priority at the platform ISA or microarchitecture levels. Without a significant shift in the way these systems are constructed (from the software down to the circuits), we will be forever trapped into spending unacceptable amounts of time and resources in attempts to mitigate the negative security effects of each new performance feature added by processor manufacturers.
We propose a significant transformation in the way trustworthy systems are developed and deployed; one that will allow future generations of commodity parts to be truly dual use. Our proposed technology will allow troublesome portions of commodity components (for example the processor-to-processor interconnect) to be monitored and, if necessary, physically overridden through novel circuit, architecture, and system software developments. Specifically, we propose that through a series of tiny, but carefully placed, changes to commodity parts, they can be modified to “piggyback” a second highly trusted “control plane” capable of monitoring, routing, and managing the flow of information on the base computation plane.
Despite pleas from the security community, hardware manufacturers are reluctant to make hardware support for highly trustworthy systems a priority because ultimately these systems represent only a small fraction of the total machines sold. Incorporating strong security enhancements requires significant resources, and integrating these mechanisms into a complex design presents many practical and theoretical problems, driving up the costs and prolonging release schedules – all of which is unacceptable to those who compete for the extremely cost sensitive desktop market. This is an example of Gresham’s Law: if a manufacturer incurs the cost of security mechanisms deemed unnecessary by the general commodity market, a competing, less costly product without such mechanisms will dominate; the “bad” drives out the “good”. Trustworthy computing systems are, in the end, caught between competing pressures to provide complete and precise security policy enforcement and the need to exploit the abundance of performance and resources associated with commodity components.
To divide and conquer these problems, we propose to disentangle the security mechanisms from the design, consolidating them onto a security overlay, literally a separate plane of circuitry that is stacked on top of a commodity integrated circuit. The security mechanisms that reside in this overlay can then be connected to the underlying chip with any number of die-stacking technologies, yet can be left unattached to enable the manufacturer to continue to sell the un-enhanced product at a lower cost. Attaching multiple layers of silicon together in 3-D stacks is a new, yet already available technology [142], which is being explored by most major microprocessor manufacturers [83, 20, 109]. As opposed to most current 2-D circuits, which use only one computational plane consisting of one active layer¹, 3-D circuits contain multiple active layers which are then interconnected using techniques such as through-silicon vias (micron-width wires that are chemically drilled between the planes). Past 3-D work has focused primarily on either a) how to physically fabricate a 3-D device (for example the ways in which silicon wafers can be thinned to a few tens of microns) which our approach will fully leverage; and b) how a single circuit (such as a processor) might be partitioned between the two or more planes to maximize performance. However, while 3-D integration has been explored as a method for increasing the density and speed of standard processors, we believe we are the first to propose the use of 3-D integration as a method for including optional functionality – a problem that, while providing a wealth of opportunities, also introduces a significant new set of challenges.
¹ The active layer is the silicon layer where transistors reside, and metal layers are fabricated above that to connect the transistors together.
As such, our proposed work represents a significant new collaboration that cuts across all levels of the system stack, from the application software, through the run-time systems, the computer architecture, all the way to the level of circuits and packaging. The main idea is to uncover new and simple-to-fabricate circuit-level primitives, e.g. the ability to monitor signals on a physical wire, overwrite state stored in processor memory, and “override” logic controlling computation while replacing it with more secure functionality in the control plane. Having enabled architectural modification (such as hard partitioning of multiprocessor caches) we will then evaluate the potential impact on critical problems facing secure system design today (such as the difficulty in providing strong isolation). With recent advances from our team in the area of 3-D die-stacking and security architectures [93, 94], our deep experience in developing trustworthy software systems [73, 135, 65, 79, 61], and our established track record in interdisciplinary research [57, 60, 56, 58, 59], we believe we are uniquely qualified to embark on this new approach to trusted system development.
C.2 3-D Integrated Security: from Devices to Applications
We propose to explore the potential benefits and costs associated with the integration of a specialized control plane included specifically for the purpose of enhancing security in commodity hardware. This requires modifications across all levels of system design – from devices to applications. We discuss the ramifications of our approach at each of these levels in the following.
At the Device and Packaging Level: Given commodity hardware components fabricated for mass production, how can we turn this into a carefully controlled and monitored device? At the lowest level of hardware we need a way of making direct metal-to-metal connections (or “posts”) from the control plane to different parts of the underlying computation plane, so that the control plane can monitor or even actively manage the underlying hardware to implement and enforce various security measures. This requires physical integration of a control plane atop the commodity hardware, etching of through-silicon vias (TSVs) to allow the control plane access to the inner workings of those cores, overcoming any thermal and wire routing issues that this may present, minimizing the overhead of these changes on circuit performance (power, area and delay), and solving the problems in integrating different technology nodes (e.g. the control plane is built using a cheaper 130 nm technology node while the computation plane is built in a 45 nm process). While there are already research results for this work to build on, the fact that this layer is optional makes this problem unique and changes the parameters significantly.
At the Circuit Level: By selectively introducing 3-D posts, which provide to the control plane direct electronic connections to critical signals on the computation plane, we can create passive monitors on any part of the hardware system state; the posts also provide a path for tapped signals to be directed into the control plane. Active control is more difficult, as it requires that existing circuitry be overridden by the control plane. Uncovering the set of novel configurable override circuits required, ensuring the timing and power feasibility of this circuitry, optimizing the placement and cost of these circuits throughout the commodity cores, and developing the means by which they can be inserted automatically through a CAD tool are all within the scope of the proposed research.
At the Architecture Level: Building upon these basic circuit level primitives, we will be able to very flexibly both augment and restrict existing hardware to meet the needs of even fairly niche security communities. The major question is how these primitives can be arranged into viable architectures. Using the circuit level techniques to monitor and control the underlying hardware enables the ability to augment and restrict the operation of general purpose hardware, after the primary steps of fabrication are completed, and opens the door to a host of novel security-aware computer architectures that previously would have been too costly to be viable in today’s commodity-driven market. Novel architectures enabled by this technology, including hardware support for data tracking, auditing, and object reuse, will be investigated.
At the Systems Software Level: While this underlying shift in hardware technology provides the foundation for this security work, the end goal is to make trustworthy software easier to both write and verify. For example, object reuse is concerned with the secure reassignment of system resources to a processing element (e.g., a process or a processor core) in a manner that prevents the new processing element from scavenging residual information inadvertently retained in the recycled resources. With explicit hardware support, we could ensure that the objects are shared through a reference monitor [10] or explicitly cleared in hardware at the proper times. Rather than performing simple hardware security in isolation, we propose to evaluate the ability of hardware to eliminate some of the most critical complexities and performance issues in trustworthy software, including but not limited to effective and secure object reuse, information leakage, and the ability to virtualize resources.
At the Application Level: In the end, our goal is not only to simplify existing software techniques for trustworthy systems, but to extend the operational capabilities of systems in significant new ways. Building on the lessons learned from our research at the architecture and system level we will explore novel applications of tightly integrated hardware support.
For all of the above approaches we will analytically and empirically compare the security and performance of this novel approach to security through detailed simulation (at the device, circuit, architecture, and system levels). To drive this research forward on all of these different levels in unison, we plan to begin with hardware security proposals that, while demonstrably useful, have failed to find their way into commodity processors. By demonstrating that these proposals would be cost effective, thermally viable, and possible to integrate with realistic software systems when re-evaluated in the context of our 3-D integrated control planes, we will quickly uncover the most critical roadblocks to 3-D integration as a means of implementing security features. We provide an initial worked example of this methodology in Section C.4, where we perform an end-to-end evaluation of a control plane that augments a cache to eliminate eviction-based side-channel attacks.
We believe that this research offers the potential to, with absolutely minimal changes to the hardware in the computation plane, fundamentally alter the nature of the computation plane after fabrication to make it more amenable to the needs of the security community. However, to be successful this work cannot be accomplished in isolation because, while there are many circuit and architectural level options, the utility of these devices can only be evaluated when placed in the context of state-of-the-art trustworthy systems.
C.2.1 Assumptions and Threat Model
This proposal is intended to contribute highly effective and efficient solutions for secure processing in concurrent processing environments. We plan to focus on microprocessor-based systems due to their prominence in the marketplace and in order to achieve concrete measurable results. We will strive to produce results applicable to a wide range of applications (e.g., embedded, desktops and supercomputing).
It is often the case that different programs running on the same hardware are mutually distrustful while others must be assumed to be hostile. One example is a program that interfaces to both the Internet and the internal enterprise; another is a program that must cryptographically transform highly valuable data but also interfaces with untrusted software. Therefore, security architectures and mechanisms that can ensure separation of different security domains, with only appropriate interactions allowed between them, may be of great value.
The threats addressed by our work derive from software with unknown behavior (as opposed to programs that are concretely understood), whether that software has been provided by the platform or component manufacturer, or arrives on the platform during runtime. Another concern we address, orthogonal to constraining misbehavior of the software, is the need to passively monitor the activities of hardware and software on the computation plane with respect to performance, resource usage, etc.
Specifically outside of the current scope of our work are problems associated with the correctness and integrity of the base hardware (including components on the chip, board resident components and attached devices), which could be caused by design and implementation error or malicious behavior during the hardware life-cycle (e.g., design, fabrication, and integration) or in the field. Active and passive attacks at the hardware level, such as physical removal or probing of the control plane, are also outside of our threat model.
Adding a control plane must not introduce new security vulnerabilities to the computation plane. We will perform analysis to determine whether addition of the control plane has unintended consequences, such as perturbing the correct operation of the computation plane, degrading its functionality, introducing new covert channels and side channels, or exacerbating existing ones.
C.2.2 A 3-D Integrated Control Plane Approach
Several 3-D interconnect technologies, such as through-silicon vias (TSVs), are currently being evaluated in industry as a means of stacking multiple chips together. Some potential applications include the stacking of DRAM or bigger caches directly onto the processor die to alleviate memory pressure [108, 129, 85, 140, 70, 67] and designing stacked chips of multiple processors [1]. The main idea is that two pieces of silicon are fused together to form a single chip, and the two active layers of the silicon are connected through posts that run vertically between the two planes. This ability to interconnect multiple active layers means that we can consider optionally adding a layer to a processor specifically for security which would have access to the security-dependent signals of the system. A processor with this ability could be sold to customers requiring, for example, trustworthy security policy enforcement or other security-specific support, while commodity systems can choose to simply not include this extra control plane.
Large microprocessor manufacturers are unlikely to add dedicated support for security because this market represents such a small portion of their total customer base. The cost to add functionality directly into a microprocessor is shared by all users, including the vast majority who are extremely cost sensitive and do not have trustworthiness requirements. By fabricating the control plane with functions complementary to, but separate from, the main processor, stacked interconnect offers the potential to add security mechanisms on just a small subset of devices without impacting the overall cost of the main processor. Just to be clear, we are advocating the development of a processor which is always fabricated with connections built in for security. The difference between the system sold to the cost-sensitive consumer and the one that is sold to the customer with specific trustworthiness requirements is only whether a specialized security plane is actually stacked on top of the standard IC or not.
C.2.3 3-D Integrated Passive Monitors
We first consider methods by which the control plane can passively monitor information from the computation plane. This requires modification of the computation plane, in a minimally intrusive manner, so that the control plane can observe selected information of interest from the computation plane. The additional circuitry in the computation plane must be designed so that the bonding operation is not difficult and so the computation plane is fully functional in its absence. In general, we may wish to monitor accesses to a particular region of memory, audit the use of a particular set of instructions, or observe data being transmitted across a bus. To perform such monitoring, we must understand when these events are occurring, which necessitates that the control plane tap some of the wires on the computation plane. This requires posts that tap the information of interest (the instruction register, memory and bus, respectively), and will give the control plane direct access to the data currently residing on these wires.
This type of passive monitoring is reasonably straightforward to implement in 3-D technology. It requires a set of vias starting at the logic residing on the active layer of the computational plane, moving through the metal layers until it reaches the top of the computation plane, where it connects to a contact point that resides in the dioxide that separates the control and computation plane². From there, the contact point connects to a TSV that passes through the silicon substrate of the control plane, and finally to the logic on the active layer of the control plane. Figure 1 provides a pictorial example, showing four such connections, which we define in a generic, technology independent manner as “posts” – quite simply a connection between the logic on the control plane and logic on the computation plane. The area overhead of this passive style monitoring is minimal. Each post requires roughly the area consumed by one SRAM bit. Our prior work [93] provides an in-depth analysis of the overhead in the context of hardware support for debugging. Our preliminary estimates indicate that, even with very pessimistic assumptions about the technology, there would be less than a 2% increase in the total area on the base level and that there would be no noticeable delay added [93]. The small amount of area overhead is due to the need to save space for the vias across all of the layers of on-chip metal, but this preliminary work assumed that only passive monitoring would be required.
C.2.4 3-D Integrated Override Circuitry
While passive monitoring allows for auditing, anomaly detection, and the identification of suspicious activities, trustworthy systems often require strong guarantees about restrictions to overall system behavior. The key ability needed to support such functionality is to override, possibly temporarily, parts in the underlying system that reside on the computation plane. The override would allow us to temporarily turn off a portion of the system, e.g., to ensure that it does not perform an illegal operation or leak sensitive data. Or it could turn off the underlying component and redirect its control and data to a similar component on the control plane, ensuring that the overall system still functions while using a more trustworthy component. This type of active control is very powerful, yet it can easily cause unintended behavior. As such, we must carefully analyze the effects of any override that we perform.
Consider a more concrete example: overriding a bus on the computation plane to redirect all of its traffic through a more secure bus on the control plane, e.g., one that employs a reference monitor [10]. The bus override on the computation plane is accomplished in three steps. The first step must ensure that the control plane has unfettered access to all necessary data used by the bus on the computation plane (tapping), which is, in essence, the same as the passive monitoring scenario described above. The second step is to disable the bus in the computation plane, but only when the control plane is present. While tapping requires little additional support from the computation plane (essentially just the insertion of metal vias), active override requires slight modification to the computation plane, as we describe in more detail in the following. The difficulty resides in the fact that we must remove functionality only by adding a control plane. The computation plane must still be fully functional without the control plane, yet it needs to be constructed so that by wiring in some extra circuitry the targeted bus in the computation plane can be completely disabled. The final step is to build the secure bus in the control plane that takes the tapped traffic from the computational plane, passes it through a reference monitor, and redirects the output back down to the computation plane. This entire scenario is shown in Figure 1.
Figure 1: This figure shows four vertical posts, each consisting of a TSV and vias, connecting the computation plane and the control plane. The two inner posts, together with sleep transistors, disable the bus in the computation plane. Signals are rerouted to the refer-
Figure 2: A circuit diagram of the sleep transistors
Figure 1 shows how a simple bus connecting two computational cores can be overridden through the use of 3-D integration. The computation plane has four active components residing on the silicon substrate. The inner two components are buffers which drive the bus, and the outer two represent two pieces of logic (e.g., computational cores) that utilize the bus to send/receive information between them. There are four posts³. The two outer posts passively transmit the data sent by the two cores to the bus. Note that this would require more than just one post (a post for each bit of data needed to send information across the bus); however we only show one post for the sake of clarity. The two inner posts are used to actively disable the bus buffers using sleep transistors that are added to the computation plane. These sleep transistors essentially turn off the bus on the computation plane, ensuring that no data is transmitted over it. The data from the outer posts is routed to logic on the control plane that implements the functionality of the bus, while adding a reference monitor. This reference monitor can be used for a variety of situations, e.g., ensuring that no confidential data is transmitted across the bus.
² This dioxide acts as an insulator between the two planes and is only present when the control plane is present.
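The three-step bus override described above (tap the cores' outputs through the outer posts, put the bus drivers to sleep through the inner posts, and re-route traffic through a reference monitor on the control plane), together with the audit trail that passive monitoring in C.2.3 provides, as a behavioural model. This is an added example and not code from the proposal; the two cores, the two-level LOW/HIGH labels, the no-leak policy and the message format are constructed assumptions.

```python
"""Behavioural model of an optional 3-D control plane overriding a bus.

The computation plane works on its own (sleep transistors awake, no tap).
Bonding a control plane installs the taps, gates the bus driver off, and
replaces the bus with one that passes every transfer through a reference
monitor and records an audit entry. All labels and policy are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

LEVELS = {"LOW": 0, "HIGH": 1}   # constructed two-level sensitivity lattice


@dataclass
class Message:
    src: str        # sending core
    dst: str        # receiving core
    label: str      # assumed sensitivity label carried with the data
    payload: bytes


@dataclass
class Core:
    name: str
    clearance: str                            # highest label it may receive
    inbox: List[Message] = field(default_factory=list)


@dataclass
class BusBuffer:
    """Bus driver on the computation plane with a sleep transistor between
    its logic and the supply rails. awake=True is the normal state."""
    awake: bool = True

    def drive(self, msg: Message) -> Optional[Message]:
        # Power-gated: the driver loses its supply and puts nothing on the
        # bus. Unlike grounding the bus wires, the core's own output is left
        # intact, so the copy tapped through the outer posts stays meaningful.
        return msg if self.awake else None


class ComputationPlane:
    """Two cores and one bus; fully functional with no control plane bonded."""

    def __init__(self) -> None:
        self.cores: Dict[str, Core] = {
            "core0": Core("core0", "LOW"),
            "core1": Core("core1", "HIGH"),
        }
        self.buffer = BusBuffer()
        # Outer posts: hook the control plane installs to see what a core drives.
        self.tap: Optional[Callable[[Message], str]] = None

    def send(self, msg: Message) -> str:
        on_bus = self.buffer.drive(msg)
        if on_bus is not None:
            self.cores[msg.dst].inbox.append(on_bus)
        if self.tap is None:
            return "bus"              # commodity part alone: plain delivery
        return self.tap(msg)          # control plane present: its decision


class ControlPlane:
    """Optional stacked layer: taps the bus, sleeps the driver, and supplies a
    replacement bus that routes traffic through a reference monitor."""

    def __init__(self, plane: ComputationPlane,
                 policy: Callable[[Message, Core], bool]) -> None:
        self.plane = plane
        self.policy = policy
        self.audit: List[Tuple[str, str, str, str]] = []
        # Bonding: outer posts tap the cores' outputs; inner posts switch the
        # sleep transistors off so the computation-plane bus is disabled.
        plane.tap = self.mediate
        plane.buffer.awake = False

    def mediate(self, msg: Message) -> str:
        allowed = self.policy(msg, self.plane.cores[msg.dst])
        self.audit.append((msg.src, msg.dst, msg.label,
                           "allow" if allowed else "deny"))
        if allowed:
            # Control-plane bus: redirect the output back down to the target.
            self.plane.cores[msg.dst].inbox.append(msg)
            return "control_plane"
        return "denied"


def no_leak_policy(msg: Message, dst: Core) -> bool:
    """Reference-monitor rule (constructed): data may only reach a core whose
    clearance dominates the data label, so HIGH data never lands on a LOW core."""
    return LEVELS[msg.label] <= LEVELS[dst.clearance]


def run(with_control_plane: bool) -> Tuple[Dict[str, int], List[Tuple[str, str, str, str]]]:
    """Replay the same two transfers with and without the control plane bonded."""
    plane = ComputationPlane()
    ctl = ControlPlane(plane, no_leak_policy) if with_control_plane else None
    plane.send(Message("core0", "core1", "LOW", b"status ok"))      # LOW -> HIGH
    plane.send(Message("core1", "core0", "HIGH", b"key material"))  # HIGH -> LOW
    delivered = {name: len(core.inbox) for name, core in plane.cores.items()}
    return delivered, (ctl.audit if ctl else [])


if __name__ == "__main__":
    print("commodity part alone:", run(False))
    print("with control plane  :", run(True))
```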
Let us go back to the second step – disabling the bus on the computation plane. The easiest way to implement this would simply be to insert a ground line onto the wires of the bus to be disabled. This has two problems. First, when the wires are driven by any component using the bus (which should be oblivious to the fact that its signals are being routed to the control plane), it is driving current right into ground, creating a short. This in turn consumes a significant amount of power. The second problem is that the wires which are now grounded were the same ones we were going to tap, effectively making those taps useless. In other words, the signals that we wanted to reroute to the control plane are now all grounded.
An alternate method is to disable the portion of the chip responsible for driving the bus. While this sounds intrusive, we can in fact leverage an existing circuit technique called power gating [114]. Support for power gating is added through the addition of sleep transistors placed between a circuit’s logic and its power/ground connections. The sleep transistors act as switches, effectively removing the power supply from the circuit. The circuit is “awake” when the transistors are given the correct signal to be turned on, which provides power to the circuit allowing it to function normally. Alternatively, the sleep transistors can be given the opposite input and turned off, thus disconnecting the power to the circuit, temporarily removing all functionality, and effectively putting the circuit to “sleep”. Sleep transistors are traditionally used to temporarily disable unused portions of an integrated circuit, saving power by preventing leakage current [119]; however, their use is also beneficial for providing the functionality an override requires, and we believe that we are the first to propose the use of sleep transistors for secure override.
Figure 2 shows a circuit diagram of the sleep transistors. The use of sleep mode holds many benefits at a nominal cost. With only a small amount of added hardware (two transistors and two resistors) and posts for connectivity to the control plane, we can selectively turn off portions of the computation plane to force adherence to any specific security policy enforced in the control plane. The exact size of the sleep transistors depends on a variety of factors, which include the time to turn off/on the circuit and the amount of leakage power savings. These factors are relatively easily varied by changing various physical properties of the sleep transistor, e.g. gate length, oxide thickness and doping [8]. In fact, smaller technology nodes (less than 90nm) need only one sleep transistor due to the use of lower power supply voltage [119]. Finally, many modern chips already employ power gating on their shared buses. In this case, the amount of added hardware necessary to apply our security measures is decreased, as only posts to the control plane are needed.
C.3 Proposed Research
While the previous section described several technical details of our proposed technology, there are many open questions that this research plans to address. This includes everything from the feasibility, cost, and overhead of the override circuitry, to the creation of architectural security primitives capable of exploiting this circuitry, to an analysis of the benefits of the end capabilities provided to the software layers.
C.3.1 Research Objective 1: Cost and Performance Analysis of 3-D Integration of Security Layers
Fundamentally it is the economics of the integrated circuit market that has prevented the wide adoption of hardware support for security, and so it is critical that we consider the cost of trustworthy systems with a control plane stacked on top. There will be a tangible cost to fabricating systems using our approach, as it requires fabricating and testing the security engine, bonding it to its host layer, fabricating the vias necessary for it to communicate with the lower chip, and testing the “joined unit.” There is a further cost in terms of the thermal effects. The physical heat sink of the bonded unit attaches to the surface of the host layer as before, but the additional computational density may require the use of more expensive heat sink technology. As the fabrication methods are still an emerging technology, it is difficult to estimate these additional costs, although many in the hardware design community are advocating a move towards 3-D interconnect for performance reasons. If this is the case, and 3-D integration becomes mainstream, the incremental cost of adding a layer specifically for security will be small (especially if we are able to develop one reconfigurable control plane that could be used for multiple different families of chip).
The inter-chip 3-D interconnect could take the form of any number of different competing technologies,
including chip-bonding, Multi-chip Modules (MCM) [87], chip-stacking with vias [16, 37], or even wireless
superconnect [89]. While chip-bonding and MCM technology are already used in a variety of embedded
contexts [2, 13], more aggressive interconnect technologies are being heavily researched by several major
industrial consortia. We propose to perform an in-depth evaluation of the feasibility of 3D technology
to support our proposed approach (optional security layers), from a technological, thermal, architectural,
and software viewpoint through detailed simulations and limited design prototypes. Specifically we plan to
pursue areas of inquiry along these lines:
• Drawing upon our experiences creating low level hardware models for use by architecture and soft-
ware developers [118, 117], we plan to create a configurable and integrated thermal/performance/cost
model and to use this model to help us explore and exploit novel tradeoffs between software devel-
opment complexity, ease of verification, system performance, and end cost of deployment. Currently
there are no performance or cost models for this idea of optional planes, and the development of one
will make this area accessible to both the research community and practitioners without requiring
detailed circuit level knowledge.
• Further along these lines, we propose to characterize the complexity of this new optional layer design
methodology through the development of small functional prototypes created on FPGAs. By using
our prior FPGA separation techniques [58, 59] we can build an analog of these end systems by implementing
the control plane functionality on a physically distinct portion of the chip, which will
allow us to rapidly quantify the impact on the computational layer in terms of design complexity and
performance.
C.3.2 Research Objective 2: 3-D Configurable Base Layer Circuits and Optimization
In order to create the security mechanisms that we propose, we will need to develop novel circuits and
interconnection mechanisms that allow traditional on-chip communication and control channels (e.g. buses
and state-machines) to be overridden by the control plane. Research will be required to uncover the set of
novel configurable override circuits required, to ensure the timing and power feasibility of this circuitry, to
optimize the placement and cost of their use throughout the commodity cores, and to develop the means by
which these circuits can be inserted automatically through a CAD tool. All of these problems are different
from those encountered in “traditional” 3D design, and all are within the scope of the proposed research.
For example, in a naive design, the special purpose override logic required to disable some other functional
block could be quite large, because each overridden logic element will require at least one through silicon
via (TSV). This override logic could be grouped into networks, and it makes sense to group transistors into
components such that only one TSV is required to turn off the entire component. We can extend this idea
to allow a programmable TSV fabric for groups of components (e.g., we could gang a set of buffers that
always operate together onto a single control TSV). The natural question that then arises is how to
(semi-)automatically make such decisions. We must balance the amount of TSV control logic on the
computation plane with the number of TSVs, and this requires careful analysis of the relationships between
the components that we wish to control. Specifically we plan to pursue areas of inquiry along the following
lines:
• To allow the override of key signals we will investigate the development of a new class of circuits
and components that allow the base layer to be overridden through sleep transistors or other means.
We will begin with circuits critical to the context of their specific use (security enhancement of near-
commodity parts) where timing, performance, and clocking must be minimally perturbed.
• As the placement and use of these novel circuits may become complicated in the context of a large
microprocessor or embedded system, we will generalize from the circuits described above to create
CAD tools capable of partitioning, placing, and optimizing the functionality of the base-layer circuits
required to inter-operate with the control plane.
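The grouping question raised above (elements that always operate together sharing one control TSV) can be made concrete with a small model. The following Python block is an added example written for this edit, not code from the proposal or its authors: it treats every computation-plane block that some control-plane policy may switch off as an "element", groups elements that are switched off under exactly the same set of policies, and counts how many TSVs the naive one-per-element design needs against the grouped design. The policy names, element names and the notion of a "control signature" are constructed assumptions; the fan-out wiring that a shared TSV would need on the computation plane is not modeled.

```python
"""Ganging override targets onto shared control TSVs (added example).

Constructed model, not code from the proposal. Elements switched off by the
same set of policies always operate together, so one through-silicon via
(TSV) can drive all of their sleep transistors.
"""
from collections import defaultdict

# Constructed policies: each names the computation-plane elements it must
# disable. In a real system these derive from the control plane's policies.
POLICIES = {
    "isolate_core1":   {"bus_buf0", "bus_buf1", "bus_buf2", "dcache_way3"},
    "no_shared_cache": {"dcache_way3", "l2_port"},
    "lockdown":        {"bus_buf0", "bus_buf1", "bus_buf2",
                        "dcache_way3", "l2_port", "dma"},
}
# All override-capable elements; "alu" is never disabled by any policy.
ELEMENTS = ["alu", "bus_buf0", "bus_buf1", "bus_buf2",
            "dcache_way3", "dma", "l2_port"]


def control_signature(elements, policies):
    """Map each element to the set of policies that switch it off.
    Elements with identical signatures always operate together."""
    return {e: frozenset(p for p, targets in policies.items() if e in targets)
            for e in elements}


def group_by_signature(elements, policies):
    """Return {signature: elements} groups that can share one control TSV.
    Elements no policy ever disables need no TSV and are left out."""
    groups = defaultdict(list)
    for e, sig in control_signature(elements, policies).items():
        if sig:
            groups[sig].append(e)
    return {sig: sorted(members) for sig, members in groups.items()}


def tsv_count(elements, policies, grouped=True):
    """Naive design: one TSV per overridden element.
    Grouped design: one TSV per signature group."""
    if not grouped:
        return sum(1 for s in control_signature(elements, policies).values() if s)
    return len(group_by_signature(elements, policies))


def disabled_under(policy, groups):
    """Control-plane side: assert the single TSV of every group whose
    signature contains `policy`; return the elements that end up off."""
    off = set()
    for sig, members in groups.items():
        if policy in sig:
            off.update(members)
    return off


def verify_grouping(elements, policies):
    """Check that driving one TSV per group disables exactly the elements
    each policy asked for, i.e. grouping did not change enforcement."""
    groups = group_by_signature(elements, policies)
    return all(disabled_under(p, groups) == set(targets)
               for p, targets in policies.items())


if __name__ == "__main__":
    print("naive TSVs:  ", tsv_count(ELEMENTS, POLICIES, grouped=False))
    print("grouped TSVs:", tsv_count(ELEMENTS, POLICIES, grouped=True))
    print("behaviour preserved:", verify_grouping(ELEMENTS, POLICIES))
```

On the constructed input the naive design needs six TSVs (one per element any policy touches) and the grouped design four, while `verify_grouping` confirms that every policy still disables exactly the elements it names. The check is the part a practitioner cares about: a grouping that saves vias but merges elements with different control behaviour would silently weaken the policy the control plane is meant to enforce.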
C.3.3 Research Objective 3: Novel Control Plane Architectures and Analysis Tools
While the circuit level primitives are a necessary part of our proposed research, the circuits are not
semantically meaningful until they are integrated in the architecture and exposed as functions or restrictions
to the software layers executing in either the computational layer or the control plane. Consider the example
of the caches. With the addition of the control plane these caches could be overridden completely (by fully
implementing a cache in the control plane), but this would have a dramatic performance and cost impact.
At the other extreme one could simply monitor the access to the caches to detect suspicious behaviors but
this would likely not be suitable for trustworthy systems because of the variety of channels available for
communication. Between these two extremes there are a host of possibilities, from modifications that will
make the cache appear to be “hard partitioned”, to augmenting the cache with special tags used to prevent
covert channels [136].
We will explore the novel tradeoffs these present, where we are concerned with minimizing (or eliminat-
ing) both the modifications required to the base layer to allow this and the higher level security management
opportunities it creates. This line of research will start with existing structures from commodity parts, and
will progress to explore the codesign of novel architectural structures from scratch. Specifically we plan to
pursue areas of inquiry along these lines:
• We will start with the creation of novel and optimized architectural memory structures (e.g. caches,
predictors, scratch-pad memory, etc.) that are enhanced with minimal changes to the base layer in
ways useful for security. The key difference between this and a great deal of past work is that,
with the expensive security functionality physically removed, the base architecture must still be fully
functional at the highest levels of performance. For example, a partitionable cache cannot be simply
designed from scratch – we must start with a standard high performance cache and then determine
what physical on-chip wires can be exposed to the control plane to be able to reuse as much of this
base cache as possible. We will develop such a cache architecture, and demonstrate its ability to
support several different modes of operation with a prototype (some initial work towards this goal is
presented in Section C.4).
• Building on our work towards memory structures we will extend our methods to include general logic
and wires (e.g. buses, on-chip networks, controllers). To really expose the semantics of the underlying
computation plane to the control plane will require a set of primitives that can monitor, audit, track,
and modify (etc.) the actions and flow of information on the computational plane. We will explore
the development of 3D primitives such as override-able buses and interconnect, architectures that
support data flow tags on a second layer, and ways to physically augment processors in a way that
new instructions are added. All of these will be implemented with the circuit techniques developed
from above (to validate those approaches), first in simulation and then with a prototype, and will be
used as the mechanisms through which security policies and management techniques described below
will be enforced.
C.3.4 Research Objective 4: End-to-End Evaluation of the Control Plane for Security
We will build on the results of Research Objectives 1, 2, and 3 to validate the effectiveness of the 3-D
integration approach by constructing system- and application-level security solutions, and through direct
validation studies.
We provide an in-depth discussion of cache management in Section C.4 as the primary validating exam-
ple of our proposed methods. To ensure focus, we will initially focus on the cache. However, since we may
need to approach the validation through different avenues, we propose to also investigate select features of
other applications, such as data tracking, auditing, and object reuse, as required for validation of interim
research results. Tracking involves building “shadow logic” in the control plane to track information flow
of a corresponding circuit in the computation plane, at the gate level [127]. Object reuse involves properly
clearing the state of data and computation structures in the computation plane prior to reassigning those
resources to a different working session. Auditing involves monitoring and logging the actions of processes
in the computation plane to establish accountability and to support fail-secure and recovery requirements.
At the system level, we will formally analyze the correctness and security of the mechanisms in the
control plane. We will make use of formal methods as part of this effort. In addition to the control plane,
we will also validate that the modified computation plane operates correctly in the control plane’s absence.
In addition, we will validate the composition of the control and computation planes. The last validation task
is to ensure that the contact points are correctly positioned and operate correctly. We will also consider the
protection of the control plane and how to dynamically change the policies enforced in the control plane.
Specifically, we plan to pursue areas of inquiry along these lines:
• A study of the security and performance requirements for a hardware cache management mechanism.
This work will focus on specifying requirement “metrics” to help determine the completeness, and
measuring the sufficiency of, the cache management subsystem developed in the next task.
• A configurable 3-D cache management mechanism for mitigating cache-based side channels in CMPs.
This task will follow the tools study and cache requirements study to produce a model design for
securely managing the data cache on a CMP. The research challenge is to achieve control of the cache
without significant delay in execution. We plan to provide a comparative analysis of the results with
various approaches discussed in the literature.
• System-level security analysis of the 3D cache controller, including the control plane and the support-
ing elements on the computation plane. In addition to investigating the self-protection capabilities of
the control plane, this will include analysis of unintended degradation of the functionality or security
of the computation plane, such as creating or exacerbating side channels and covert channels. This
analysis must also check whether adding the control plane perturbs the correct operation of the com-
putation plane, for example when the computation plane depends on a signal that has been forced to
take a detour to the control plane.
• Dynamic management of the control plane. A static control plane could be configured to always func-
tion the same way. This work will investigate how to provide secure configurability of the control
plane during runtime, including utilization of any I/O mechanisms to be defined in Research Ob-
jectives 2 and 3. Of particular interest is how to ensure at the system level that only the intended
configuration changes occur.
C.4 Validating Example: Cache Side Channels
In this section, we present a concrete example of how the control plane can enhance the security of an
existing computation plane. We describe a method to prevent a microprocessor cache from being used as a
vehicle for unintended information flows using 3-D integration. We develop a functional 3-D control plane
that eliminates eviction based cache side channels. Our design includes a fully synthesizable cache, as well
as circuitry residing on the control plane that eliminates the cache line eviction side channel. The cache
works normally in the absence of the control plane; however when the control plane is present, cache lines
belonging to protected processes are not evicted, eliminating the side channel described by Percival [103].
We analyze the cache design, both with and without the 3-D control plane, which allows us to determine the
specific performance impacts of the 3-D integration for security. The experimental results indicate that the
effects of the 3-D security are minimal; it requires a small amount of modification to the computation plane,
that results in a limited effect on both the delay and area of the cache.
C.4.1 Existing Approaches to Cache-Interference Side Channel Attacks
The design of microarchitectural shared resources, without corresponding ISA primitives to secure shar-
ing (e.g., the task and segment management features of the Intel iAPX86 processor come to mind as ex-
amples with such primitives) puts operating system designers – who have the responsibility of managing
hardware in a secure manner – in a difficult situation. Previous software approaches have been to either
ignore the problem or to hit it with a big hammer that has an onerous performance impact.
Cache interference on microprocessors has often been dealt with by “normalizing” the cache (e.g., evict-
ing all cache lines) between execution of different security domains (i.e., during process context switches). It
is very time consuming to replenish the cache from off-chip memory, and various techniques have been de-
veloped to avoid doing so unnecessarily [55]. However, this approach is ineffective for processors supporting
concurrent execution – chip multiprocessors (CMPs), as well as single-core computers with simultaneous
multithreading (SMT), and symmetric multiprocessor (SMP) systems with cache coherency mechanisms,
since access to the cache is interleaved at a far more granular level than process switching. In these sys-
tems, microarchitectural interference has been a significant challenge since its efficient solution appears to
lie beyond the capability of the usual operating system virtualization techniques.
Recent research has responded with mixed results. For example, the cache can be physically or logically
partitioned per equivalence class (if virtual cache support is available in hardware) [102, 136], which would
require modification to the processor in the former case, and reduces the effective cache size in both cases.
Various forms of cache disablement are possible, ranging from completely turning it off, to turning it off
for certain cores or processes [100], to eliminating cache line evictions for protected processes [103], all
of which result in response time penalties. Lowering the bandwidth of the cache channel [101, 128, 102]
may leave the design open to future exploitations as this approach does not eliminate the covert channel’s
essential point of interference. A similar problem occurs with application-level mitigations against features
of specific cryptographic algorithms [3].
In the following, we demonstrate how to integrate Percival’s protection scheme [103] into a 3-D con-
trol plane. We use the example as a way to provide concrete measurements of the impact of the control
plane, which requires a specific scenario. Despite the specific nature of our example, we believe that our
techniques are useful to implement a wide array of security features as we argued in the previous sections.
C.4.2 A 3-D Enforced Cache Eviction Monitor
We devised a strategy to use the control plane to protect against the type of cache eviction side channel
attacks described by Percival [103]. In this scheme, the control plane maintains a cache protection structure
that indicates, for each cache line, whether it is protected, and if so, for which process. When a different
process loads or stores data related to a protected cache line, no eviction will occur and the data is not cached
unless an alternate line is available in the cache protocol being used. Figure 3 shows a flowchart describing
this new protocol. Figure 4a provides a high-level overview of how the cache and the control plane will
interact; specifically, the cache protection structure contains memory elements on the control plane to store
“security bits”, which hold the permissions of a process to evict shared cache entries of other processes.
With this in place, when instructions proceed to load or store data, these security bits are first checked to
determine whether to grant a cache eviction that might otherwise have occurred without policy oversight. As
mentioned previously, when the control plane is not attached to the processor, the cache functions as normal.
However, when the control plane is included in the design, we can utilize this aforementioned strategy to
avoid undesirable cache evictions. This is performed with an updated version of the two instructions load
and store. These instructions, named secure load and secure store, will change the security bits in the
control plane to reflect the process that currently occupies the line. Effectively, secure load and secure store
will set the bits to ensure that once a cache line is occupied by a process that needs cache eviction control, it
cannot be evicted by any other process. This will control a simultaneous multithreaded processor’s shared
memory and eliminate any threat of a side channel attack based on cache usage timing.
As a proof of concept, we have developed a synthesizable version of our security mechanism in Verilog.
We designed our security mechanism as a separate module that we interfaced with a simple cache that we
also implemented as a hardware design; our design uses a straightforward direct-mapped cache. During
every load/store instruction, the cache controller first checks the control plane module to determine whether
the related cache line is protected from evictions. The security bits on the control plane hold a valid bit, a
process ID, and a lock bit for each cache line. During the loads and stores, these security bits are checked in
the control plane and a “grant” signal is generated if the cache line is open to eviction. While every load and
store will be forced to check the security bits before proceeding, these security bits can only be manipulated
by using secure load and secure store.
This approach has certain performance implications (discussed in Section C.4.3), since every load and
store that would normally evict must first check with the control plane before proceeding. Malicious perfor-
mance degradation and other attacks on the control plane cache-protection structure are prevented, since the
security bits can only be manipulated through secure load and secure store instructions.
We synthesized these two modules and have verified that this is in fact a functional design and that it
can easily be scaled and implemented with a low amount of overhead. This will be discussed in further
detail in the following sections where we analyze performance metrics, overhead for a modern processor,
and feasibility.
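To make the protocol of this section concrete, the following is an added Python model written for this edit; it is not the proposal's synthesizable Verilog and makes its own simplifying assumptions: a direct-mapped cache of N lines indexed by address mod N, one process ID supplied with every access, a control plane holding a valid bit, process ID and lock bit per line, and secure loads/stores that lock the line they occupy. An ordinary access that misses asks the control plane for a "grant" before evicting; a denied access completes without changing any cache line, and with no control plane attached the cache fills as normal. The scenario (victim table lookup, spy priming and probing, process IDs 1 and 2) is constructed to show that the spy's hit/miss observation stops depending on the victim's secret once the monitor is present.

```python
"""Model of the 3-D cache eviction monitor (added example, not the
proposal's Verilog). Direct-mapped cache plus a control plane holding
per-line security bits; only secure loads/stores may change those bits.
"""


class ControlPlane:
    """Cache protection structure: valid bit, process ID and lock per line."""

    def __init__(self, n_lines):
        self.valid = [False] * n_lines
        self.pid = [None] * n_lines
        self.lock = [False] * n_lines

    def grant(self, pid, index):
        """Responsibility 1: may `pid` evict the line at `index`?
        A locked line may be evicted only by the process that owns it."""
        if self.valid[index] and self.lock[index] and self.pid[index] != pid:
            return False
        return True

    def update(self, pid, index):
        """Responsibility 2: a secure load/store records its owner and locks
        the line. Ordinary loads and stores never reach this method."""
        self.valid[index] = True
        self.pid[index] = pid
        self.lock[index] = True


class DirectMappedCache:
    def __init__(self, n_lines, control_plane=None):
        self.n = n_lines
        self.tags = [None] * n_lines        # None marks an invalid line
        self.cp = control_plane             # None = control plane absent

    def access(self, pid, addr, secure=False):
        """Perform a load/store; return True on a hit, False on a miss."""
        index, tag = addr % self.n, addr // self.n
        hit = self.tags[index] == tag
        if not hit:
            # Without the control plane the cache fills as normal.
            granted = self.cp.grant(pid, index) if self.cp else True
            if granted:
                self.tags[index] = tag      # evict whatever was there
            # else: data goes to the core but is not cached (no alternate
            # line exists in a direct-mapped cache)
        if secure and self.cp and self.tags[index] == tag:
            self.cp.update(pid, index)
        return hit


VICTIM, SPY = 1, 2   # constructed process IDs
N_LINES = 16


def spy_observation(key_bit, with_control_plane):
    """Constructed round: the victim does one key-dependent table lookup;
    the spy reports which of its own lines still hit afterwards."""
    cp = ControlPlane(N_LINES) if with_control_plane else None
    cache = DirectMappedCache(N_LINES, cp)
    # Victim loads its 4-entry lookup table (lines 0..3) with secure loads.
    for addr in range(4):
        cache.access(VICTIM, addr, secure=True)
    # Spy primes every line with its own data (addresses 16..31).
    for addr in range(16, 32):
        cache.access(SPY, addr)
    # Victim's lookup depends on a secret bit.
    cache.access(VICTIM, 1 if key_bit else 3, secure=True)
    # Spy probes its lines; the hit/miss pattern is all it can observe.
    return tuple(cache.access(SPY, addr) for addr in range(16, 32))


def leaks(with_control_plane):
    """True if the spy's observation differs with the victim's secret bit."""
    return (spy_observation(0, with_control_plane)
            != spy_observation(1, with_control_plane))


if __name__ == "__main__":
    print("control plane absent, leaks: ", leaks(False))
    print("control plane present, leaks:", leaks(True))
```

Without the control plane the victim's lookup evicts one of the spy's lines and the spy's probe pattern changes with the secret bit; with it, the victim's table lines stay locked, the spy's loads to those lines are never cached, and the probe pattern is identical for both values. The model also exhibits the cost the text mentions: every miss now consults `grant` before it can fill, which is where the extra delay of the posts would appear in hardware.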
[Figure 3 (flowchart, image not reproduced): on a load or store, the security bits on the control plane are checked to grant or deny eviction; if eviction is denied, the load or store is performed without change to any cache line.]
Figure 3: A flow chart describing how loads and stores from the computational plane interact with the cache
[Figure 4 (image not reproduced). Panel (a) lists the control plane's responsibilities: 1. Given any load or store, return whether cache eviction is granted. 2. Given a secure load or store, update the security bits. Panel (b) plots maximum frequency (GHz) against post delay in inverter delays.]
Figure 4: (a) Overview of control plane’s responsibilities and interaction of cache and control plane. (b) Relationship between max frequency (GHz) of cache eviction monitor and delay of posts modeled as inverter delay.
C.4.3 A 3-D Enforced Cache Eviction Monitor: Performance and Analysis
This section analyzes the performance and area overhead of the 3-D monitoring. We use Synopsys De-
sign Compiler to synthesize an ASIC version of our design and extract specific timing and area information
for our 3-D assisted cache. To provide a clear picture of the overhead/performance trade-off of our design,
we gathered timing and area information for both the cache and its controller alone, as well as the cache
and its controller interfaced with the 3-D plane module. We performed synthesis using a TSMC standard
90nm cell library. The stand-alone cache was able to run at approximately 1.58GHz. When we include
the control plane to eliminate eviction based side channels, the frequency drops to approximately 1.08GHz.
This indicates that the critical path resides in the control plane. The high frequency of the stand-alone cache
is due to the fact that it is a direct mapped cache. This requires very simple and limited logic to use a portion
of the address to index into the cache entries and compare the tag of one data entry with another field of the
address. Other cache organizations using higher levels of associativity will likely result in lower operating
frequencies as they require the comparison of multiple tags per memory access. In the event that the cache
controller’s critical path is longer than the critical path of the security mechanism, there will be no observed
performance degradation when adding the control plane.
The above performance metrics do not take into account the delay of the vertical posts between the
control plane and computation plane. To accurately portray the performance of 3-D integration, we must
consider the delay that the posts will add to the signals passing from the computation plane to the control
plane and vice-versa. Since 3-D integration technology is evolving, we modeled the delay of the posts in
terms of inverters or NOT gates. I.e., we assumed that the delay of each of the posts was a multiple of an
inverter delay, and varied the number of inverters. This will effectively insert delays where needed without
changing the functionality of the design.
Figure 4b shows the relationship between maximum frequency in GHz and the number of NOT gates
used to model the post delay. The x-axis shows how varying the delay of the posts (in terms of delay
through the corresponding number of inverters) changes the resulting frequency. The case of zero NOT
gates or inverters corresponds to the 1.08GHz result that we described earlier. Increasing the delay of the
posts, i.e., increasing the number of NOT gates, reduces the frequency. We are confident that the true delay
of the posts will fall somewhere within the bounds of Figure 4b. In fact, there is evidence that the delay of
the posts is negligible compared to the delay of the wires [69], making the result equal to the case of zero
inverters, i.e., 1.08GHz.
The total cell area of the cache protection structure occupies about 7,200 area units (A.U.)4, compared
to the cache, which utilizes about 45,000 A.U. We note that since the security plane is a separate piece of
silicon, this area does not translate into any additional overhead in the computation plane. The actual
overhead of the computation plane comes from the use of posts to send information from the computation
plane to the control plane. In this case, the control plane reads the instruction (8-64 bits, depending on
the processor) and must transmit a one-bit grant signal back to the computation plane. Therefore, in the
worst case (a high end workstation/server) there are 65 posts. The area of a post is approximately equal
to one SRAM cell. Thus, we are adding the equivalent of approximately eight bytes to the cache. This is
insignificant in caches on most advanced processors, where caches hold megabytes of data, and has minimal
impact on microprocessors with kilobytes of cache, as found in many embedded applications.
C.4.4 A 3-D Enforced Cache Eviction Monitor: Discussion and Integration Options
The previously described 3-D cache eviction monitor is an initial case study, and will undoubtedly re-
quire additional thought and modifications if we want to include it into an existing microprocessor. However,
it serves as a glimpse into the types of end-to-end evaluations that we plan to perform over the course of
the grant (described in more detail in Research Objective 4 – Section C.3.4). This section describes some
potential modifications to our existing cache design, which we leave as initial research goals for our grant,
along with some follow on work more broadly related to cache security.
The cache eviction monitor requires: 1) the process ID of a thread during its execution, 2) access to
the instruction bus, and 3) a method of discerning between normal and secure loads and stores. These are
the high-level requirements of the control plane, which in most scenarios will require posts to relay this
information to the control plane. For our 3-D cache monitor to function, we need to know the process ID
of the thread performing the current load or store function. One option we have explored is accessing the
process ID register that some architectures have, such as the ARM926EJ-S [84]. Accessing this register
through the vertical posts will give the control plane direct access to the current process ID, allowing the
control plane to compare it to the security bits. We also need to know when loads and stores are being
executed. This is possible by accessing the instruction bus, which allows us to monitor the execution of
loads and stores, and to subsequently perform our security measures on those instructions. The execution of
loads and stores in the presence of the control plane will follow the protocol outlined in Figure 3.
In addition to the process ID and current instruction, the control plane must know whether or not each
load/store operation is secure or not, so that it is possible to determine whether the security bits in the control
plane need to be updated. One way to supply this information is to modify the instruction set to include two
special instructions, secure load and secure store. This would create separate instructions that the control
plane is aware of in order to distinguish between a normal load/store operation and a secure load/store
operation. Another option is to have a register that reflects whether the current instruction is secure or not
on the computation plane. The operating system can control this bit based on whether the instruction is
secure or not, and the control plane could read this register. Both options are feasible and have no negative
implications on the rest of the system.
Delivery of required information (discussed above) to the control plane will be through the posts. A
general idea of the number of posts the control plane will need on a given system is the sum total of bits
consisting of instruction size, process ID size, possibly one post for the secure register, and a “grant” bit
post to send the output of the control plane. For the ARM926EJ-S, this equates to under 100 vias; this is
certainly a small and reasonable number of vertical posts to implement a strong security measure.
4 Area units are a way to denote hardware area in a technology independent manner. One A.U. is approximately equal to 54 square
microns in 90nm technology.
C.5 Merit, Broader Impacts, and Education
C.5.1 Broader Impacts
This research has the potential to revolutionize our perception of how security mechanisms can be in-
corporated into hardware. It has the potential to permit the broad use of commodity processors with no
modification, while those with specific security requirements can purchase identical chips to which a 3-D
layer has been added. In addition, the use of reconfigurable hardware technologies will provide a high
degree of flexibility that will permit organizations to have customized security policies for hardware man-
agement. The set of hardware security primitives to be developed in this project can be used individually or
in various combinations to achieve security objectives, and the use of our evolving techniques for hardware
assurance will result in trustworthy solutions. These results will be applicable to a wide variety of platforms
ranging from embedded systems and network appliances to mobile computing devices and large servers.
More broadly, the use of 3-D technology for security will demonstrate the value of security mechanisms
thus leading to their integration into commodity processors.
C.5.2 Education
This work is exploring new territory, has the potential for broad applicability, and has an interdisci-
plinary technological scope, all of which make it an ideal topic with which to attract students to the field of
cyber security, and in general engage them with the fundamental concepts of computational thinking [139].
Among the target populations of our educational activities will be students at three major universities on the
West Coast. Two of the campuses involved are part of the University of California (UC Santa Barbara and
UC San Diego), both of which have very strong programs in Computer Science, Computer Engineering,
and Electrical Engineering. The third school, the Naval Postgraduate School in Monterey, is a DoD uni-
versity and attracts graduate students with a strong emphasis on science and engineering. In all three cases
the universities (and specifically the PIs involved) actively seek both gender and ethnic diversity in their
student bodies. The PIs from UC Santa Barbara, UC San Diego, and the Naval Postgraduate School have
started discussions on ways to share undergraduate and Masters-level students. We also plan to encourage
participation by a subset of these students in the research activities, most likely as summer interns.
C.5.3 Results of Prior NSF Grants
Our team draws from substantial expertise in computer architecture and novel technologies. We have a
well-established track record in systems and security research with broad impact in academia and industry.
PI Sherwood led the development of the tool SimPoint [118] and the underlying technique for reasoning
about and predicting the behavior of programs over time, Program Phase Analysis.
Towards a more formal framework for implementing secure hardware, Dr. Sherwood served as the PI
for “Adaptive Security and Separation in Reconfigurable Hardware” (NSF Cyber Trust $600K), where our
team has developed the basic building blocks required to compose highly trustworthy FPGA based systems.
This research focused on enabling a new class of systems that are highly optimizable, reconfigurable, and
secure. Novel techniques were developed to enforce program separation at the logical level [58] and to
protect memory from arbitrary access [59]. PI Kastner and co-PI Irvine both have extensive experience in
the management of significant research projects.
TIM SHERWOOD leads efforts supported by three different NSF grants, all concentrating on extended
functionality processing. His NSF Career grant (NSF Career $400K), on “Architectural Support for On-
line Security Analysis” is developing new high throughput hardware techniques applicable to the irregular
streaming problems faced by network security, for example high speed string matching [125, 124] (selected
as IEEE Micro Top-Pick) and Virtually Pipelined Network Memory [9] (nominated for best paper). Dr.
Sherwood is additionally the PI of “Mimir: A Geometric Approach to Multi-dimensional Program Profil-
ing Architectures” (NSF CCF $300K 8/07-8/10) which aims to leverage streaming computational geometry
to sift through on-line profile data at unprecedented speeds, yielding a highly accurate and timely image
of system execution. For example, architectures that dynamically partition the profile space into ranges
can provide both accuracy and coverage with worst case bounds [95, 96] (selected as CGO best paper).
New analysis along these lines (but outside the scope of the above grant) on 3D integration for introspec-
tion [93, 94] (selected as IEEE Micro Top Pick) and techniques for architecture level circuit and thermal
analysis [86, 93, 94] can be leveraged for the proposed work. In addition, and unrelated to this proposal, he
plays a supporting role in two other recent projects: “A Collaborative Framework for Design and Fabrication
of Metallic Carbon Nanotube based Interconnect Structures for VLSI Circuits and Systems Applications”
and “Low-Power Digital MEMS Feedback Control” in which he is helping to explore the architectural pos-
sibilities presented by carbon nanotubes and micro-electro-mechanical systems respectively.
RYAN KASTNER has been partially supported by three NSF grants. He is co-PI on the NSF Cyber Trust
grant described above. He is also the PI on NSF grant “Adaptive radiolocation for mobile sensor networks”
(NSF CNS, $397K), for which he has developed algorithms for time-of-arrival estimation and positioning.
He is also the PI on NSF grant “CSR-EHS:Architecture and Design Tools for Software Defined Acoustic
Modem” (NSF CNS, $180K), for which he is creating hardware and tools for underwater acoustic data
transmission.
TED HUFFMIRE is a junior faculty member. His doctoral thesis work contributed to the NSF CyberTrust
grant described above, and he is co-authoring a book, Handbook of FPGA Design Security, to be published
by Springer. This book is intended for researchers and practitioners in the electronic design automation
(EDA) and FPGA communities who are interested in security, including companies, industrial research
labs, and academics.
CYNTHIA IRVINE has been partially supported by six NSF grants. “Collaborative Research: CT-T: Adaptive
Security and Separation in Reconfigurable Hardware” (CNS-0524707, three years, ongoing, $282,603) is
collaborative with UCSB and UCSD (described above). Publications involving NPS personnel include:
[57, 60, 56, 58, 62, 59]. The “NPS CISR Scholarship for Service: Scholarship Track” (DUE-0114118,
completed, $2,235,704 and supplement of $1,039,037) graduated 45 students with resulting publications
[11, 12, 14, 21, 22, 24, 26, 27, 29, 30, 31, 34, 36, 38, 39, 41, 44, 45, 49, 50, 51, 52, 53, 54, 68, 71, 88,
90, 92, 97, 99, 104, 110, 112, 113, 115, 116, 122, 123, 130, 131, 132, 133, 137, 141, 15, 28, 35, 40, 134].
“Information Assurance Through Scholarship and Service” (DUE-0414102, four years, ongoing, $2,542,314)
continues earlier SFS activities. Publications resulting from this work include: [25, 43, 91, 105, 106,
107, 138, 72, 126]. “IA Tutorials and Workshops for Educators” (DUE-0210762, three years, completed,
$184,006) involved two workshops attended by approximately 40 participants to increase the capacity of
the national higher education enterprise in cyber security [23, 42, 46, 48, 47, 66, 64, 63, 76, 111]. “Cyber
Defense Initiative Workshop: Research and Technology Framework and Plan” (DUE-0751375, one year,
completed, NSF funding: $15,000) supported a December 2007 workshop to consider research strategies
to address the security of the Nation’s cyber-infrastructure. Web-based reports resulted. “Collaborative
Research: SecureCore for Trustworthy Commodity Computing and Communications” (CNS-0430566, three
years, completed, $568,450) pursued a clean-slate approach to define a minimalist, vertically integrated
security architecture for trustworthy mobile computing [4, 7, 5, 6, 17, 18, 19, 28, 32, 33, 82, 78, 74, 81, 80,
77, 75, 98, 121, 120, 134].
C.6 Management Plan
The 3Dsec project’s diverse collaborative team is well matched to the breadth and depth of the research
challenge. For example, the hardware aspects of the project can only be effectively addressed by individuals
able to envision new techniques and components at the device and circuit level, while the security issues
to be addressed require a deep understanding of software architectural principles associated with secure
systems.
The 3Dsec project consists of six researchers from three universities: UCSB, UCSD, and the Naval
Postgraduate School. We are geographically close, with two sites in Southern California and the third
located on California’s Central Coast. The members of our team are: Ted Huffmire, Cynthia Irvine, Timothy
Levin, and Thuy Nguyen, of the Naval Postgraduate School; Tim Sherwood, of UC Santa Barbara; and
Ryan Kastner, of UC San Diego.
Since 2004, we have worked as a cohesive research team. Over this time, we have written a variety of pa-
pers together, while continuing to publish papers outside of the group’s interests. We have worked as a team
to nurture each other’s graduate students, one of whom has graduated to become a full-fledged team mem-
ber. With the same time zone, and, by West Coast standards, relative proximity, we have hosted many group
meetings at our respective campuses. We have maintained a shared website with both public and protected
information to both disseminate our results and to share and work on project-related activities, including
research results, meeting minutes, papers in progress and other materials. Our weekly teleconferences allow
us to report research progress, share ideas and chart next steps in our work. Ad hoc teleconferences are
scheduled on an as needed basis.
C.6.1 Project Management Activities
The objective of the 3Dsec effort will be to conduct research of the highest quality on a promising new
technology that can join the market advantages of commodity hardware components with the trustworthiness
of specialized security hardware and software. To support our collaboration we plan for the following regular
activities:
• We will conduct weekly all-team teleconferences to discuss research progress and to manage the
project.
• The research groups at each university will conduct both scheduled and ad hoc internal meetings
during the week.
• We will hold all-day and, in some cases, multi-day project workshops approximately quarterly. These
will allow us to engage in the more intense research exchanges required to tackle particularly chal-
lenging aspects of the work and will permit our graduate students to discuss their activities in a shared
forum.
C.6.2 Project Responsibilities
The 3Dsec team has already demonstrated that it can productively execute joint research. Our collegial
relationship has allowed us to spontaneously discuss new research ideas and to move them forward in the
form of joint patents, papers, and books. This team approach will be continued seamlessly as we transition
to the 3Dsec project.
Naturally, the PIs at each university will be responsible for the management of their own budgets. In
addition, various project responsibilities will be allocated to individual PIs. Irvine will apply her extensive
experience in large project management to help ensure that timelines are established and that milestones are
met. Ongoing public and internal project documentation will be managed by Huffmire, through the use of the
project web site and other Internet technologies. Relationships with a number of FPGA and other hardware
vendors will be managed by Kastner and Sherwood, and team members at the Naval Postgraduate School
will also engage in collaborations associated with the commercial adoption of 3-D technology through
their non-disclosure agreement with Intel Corporation. Finally, the Naval Postgraduate School will provide
a small amount of administrative and other support for our workshops, outreach, publicity, and student
management.

Table 1: Work flow for research objectives (R.O.s). Milestones for each R.O. are listed in order from
Year 1 through Year 3.
R.O. 1: Cost model†; FPGA prototype†‡
R.O. 2: Investigate override circuitry†‡; CAD tools for base layer‡
R.O. 3: Security enhanced structures†‡; Shared analysis hardware†‡
R.O. 4: Control Plane Management†‡; Control Plane Protection; Cache System Analysis†‡
        Cache management study; Design cache mechanism†; Cache manager prototype†‡
Key: NPS, † UCSB, ‡ UCSD
C.6.3 Schedule
We plan an aggressive schedule of investigation and publication of research results. The primary re-
search objectives (R.O.s) will be managed as shown in Table 1. The per-year milestone divisions are notional
rather than concrete deadlines.
C.6.4 Industrial Support and Impact
Industry’s reluctance to take big risks is a possible reason why security is often a secondary concern in
processor design. Substantial reworking of the architecture, ideally starting from a clean slate, is infeasible
in terms of both time and money. However, academic projects are capable of taking these risks. Industry
involvement with our work is viewed from three perspectives: academic research leading industry; academic
research following industry; and indicators from industry that this research is of value.
It is possible for academia to lead industry, showing the way for future products, as demonstrated by
the many industrial companies that have “spun” off from academic research projects. At one level, this
proposal hypothesizes a need for the enhancement of security in commercial processors that is out of band
from the normal processor development cycle. We cannot know beforehand whether this new out-of-band
development path will prove to be successful: whether industry will “follow” by opening its doors to the
addition of low-cost and standardized circuit-level junctions with which control planes could be added to a
processor. However, we expect that successful research prototypes developed under this project will lead
vendors into a competitive response to participate.
We also know that industry is currently investing in 3-D research on its own, to enhance its products
by utilizing circuits in three dimensions [83, 20, 109]. In that sense, we are following the path that industry
is already taking, while contributing several innovations to enable 3-D technology to play a larger role,
especially with respect to security. Finally, we have had encouraging responses from industry attendees at
conferences where we have presented our early papers [93, 94], which indicates that we are on the right path.
Our management approach for achieving these interactions will be to establish goals for our academic-industry
exchange that will be worked on in parallel with our research activities.
D TC: Large: Collaborative Research: 3Dsec: Trustworthy System Security through 3-D
Integrated Hardware: References
[1] A. Akturk, N. Goldsman, and G. Metze. Self-Consistent Modeling of Heating and MOSFET
Performance in 3-D Integrated Circuits. IEEE Transactions on Electron Devices, 52(11):2395–2403,
2005.
[2] Cristinel Ababei, Yan Feng, Brent Goplen, Hushrav Mogal, Tianpei Zhang, Kia Bazargan, and Sachin
Sapatnekar. Placement and Routing in 3D Integrated Circuits. IEEE Design and Test of Computers,
22(6):520–531, Nov/Dec 2005.
[3] O. Acıiçmez. Yet another microarchitectural attack: Exploiting I-cache. In Proceedings of the First
Computer Security Architecture Workshop (CSAW), Fairfax, VA, November 2007.
[4] Francis Afinidad. An Interval Algebra-Based Temporal Access Control Protection Architecture. PhD
thesis, Naval Postgraduate School, Monterey, California, June 2005.
[5] Francis Afinidad, Cynthia E. Irvine, Thuy D. Nguyen, and Timothy E. Levin. A time interval mem-
ory protection system. Technical Report NPS-CS-06-002, Naval Postgraduate School, Monterey,
California, 2005.
[6] Francis Afinidad, Timothy Levin, Cynthia E. Irvine, and Thuy D. Nguyen. A model for temporal
interval authorizations. In Hawaii Intl. Conf. on System Sciences, Software Tech. Track, Info. Security
Edu. and Foundational Research, page 218, Kauai, HI, 2006.
[7] Francis Afinidad, Timothy E. Levin, Cynthia E. Irvine, and Thuy D. Nguyen. Foundation for a time
interval access control model. In Vladimir Gorodetsky, Igor Kotenko, and Victor Skormin, editors,
Mathematical Methods, Models, and Architectures for Computer Networks Security, MMM-ACNS
2005, volume 2685 of Lecture Notes in Computer Science, pages 406–411, St. Petersburg, Russia,
September 2005. Springer-Verlag GmbH.
[8] Kanak Agarwal, Harmander Deogun, Dennis Sylvester, and Kevin Nowka. Power gating with multi-
ple sleep modes. International Symposium on Quality Electronic Design, 2006.
[9] Banit Agrawal and Timothy Sherwood. Virtually pipelined network memory. In Proceedings of the
International Symposium on Microarchitecture (Micro), December 2006.
[10] James P. Anderson. Computer security technology planning study. Technical Report ESD-TR-73-51,
Air Force Electronic Systems Division, Hanscom AFB, Bedford, MA, 1972. (Also available as Vol.
I, DITCAD-758206; Vol. II, DITCAD-772806).
[11] Todd P Anderson. (classified). Master’s thesis, Naval Postgraduate School, Monterey, California,
December 2005.
[12] C.F. Bailey. Analysis of security solutions in large enterprises. Master’s thesis, Naval Postgraduate
School, Monterey, California, 2003.
[13] Kaustav Banerjee, Shukri J. Souri, Pawan Kapur, and Krishna C. Saraswat. 3-D ICs: A Novel Chip
Design for Improving Deep Submicron Interconnect Performance and Systems-on-Chip Integration.
Proceedings of the IEEE, 89(5):602–633, May 2001.
[14] Mark Barwinski. Taxonomy of spyware and empirical study of network drive-by-downloads. Mas-
ter’s thesis, Naval Postgraduate School, Monterey, California, September 2005.
[15] Mark Barwinski, Cynthia E. Irvine, and Timothy E. Levin. Empirical study of drive-by-download
spyware. In Proceedings of the International Conference on i-Warfare and Security, pages 1–12,
Princess Anne, MD, March 2007.
[16] Benkart et al. 3D Chip Stack Technology Using Through-Chip Interconnects. IEEE Design and Test
of Computers, 22(6):512–518, Nov/Dec 2005.
[17] Terry V. Benzel, Cynthia E. Irvine, Timothy E. Levin, Ganesha Bhaskara, Thuy D. Nguyen, and
Paul C. Clark. Design principles for security. ISI-TR-605, Information Sciences Institute, Santa
Monica, California, and NPS-CS-05-010, Naval Postgraduate School, Monterey, California, 2005.
[18] Ganesha Bhaskara, Timothy E. Levin, Thuy D. Nguyen, Cynthia E. Irvine, Terry V. Benzel, Jeffrey
Dwoskin, and Ruby Lee. Virtualization and integration of SP services in SecureCore. Technical Report
ISI-TR-623, University of California, Information Sciences Institute, Santa Monica, CA, September
2006.
[19] Ganesha Bhaskara, Timothy E. Levin, Thuy D. Nguyen, Terry V. Benzel, Cynthia E. Irvine, and
Paul C. Clark. Integration of user specific hardware for SecureCore cryptographic services. Technical
Report NPS-CS-06-012, Naval Postgraduate School, Monterey, California, 2006.
[20] Bryan Black, Murali Annavaram, Ned Brekelbaum, John DeVale, Lei Jiang, Gabriel H. Loh, Don
McCauley, Pat Morrow, Donald W. Nelson, Daniel Pantuso, Paul Reed, Jeff Rupley, Sadasivan Shankar,
John Shen, and Clair Webb. Die Stacking (3D) Microarchitecture. Proceedings of the 39th Annual
IEEE/ACM International Symposium on Microarchitecture, pages 469–479, December 2006.
[21] J. A. Bradney. Use of WebDAV to support a virtual file system in a coalition environment. Master’s
thesis, Naval Postgraduate School, Monterey, California, June 2006.
[22] Sonia Bui. Single sign-on solution for MYSEA services. Master’s thesis, Naval Postgraduate School,
Monterey, California, September 2005.
[23] Karen L. Burke, Craig W. Rasmussen, Cynthia E. Irvine, George W. Dinolt, and Timothy E. Levin.
Certification and accreditation: A program for practitioner education. Journal of Information Warfare,
2(3):25–37, 2003.
[24] C. M. Carrillo. Continuous biometric authentication for authorized aircraft personnel: A proposed
design. Master’s thesis, Naval Postgraduate School, Monterey, California, June 2003.
[25] D.W. Carter. An OSKit-based implementation of least privilege separation kernel memory partitioning.
Master’s thesis, Naval Postgraduate School, Monterey, California, June 2007.
[26] R. H. F. Cassidy. Automating case reports for the analysis of digital evidence. Master’s thesis, Naval
Postgraduate School, Monterey, California, September 2005.
[27] K. H. Chiang. A prototype implementation of a time interval file protection system (TIFPS) in Linux.
Master’s thesis, Naval Postgraduate School, Monterey, California, September 2006.
[28] Ken Chiang, Thuy D. Nguyen, and Cynthia E. Irvine. A Linux implementation of temporal access
controls. In Proceedings 8th IEEE Systems, Man, and Cybernetics Information Assurance Workshop,
pages 309–316, West Point, NY, 2007.
[29] R. R. Christensen. Classified. Master’s thesis, Naval Postgraduate School, Monterey, California, June
2004.
[30] J. J. Cisneros. Classified. Master’s thesis, Naval Postgraduate School, Monterey, California, June
2004.
[31] J. L. Clark. High assurance project evidence presentation using semantic graphs in XML. Master’s
thesis, Naval Postgraduate School, Monterey, California, March 2004.
[32] Paul C. Clark, Cynthia E. Irvine, Timothy E. Levin, Thuy D. Nguyen, and Timothy M. Vidas. Se-
cureCore software architecture: Trusted path application (TPA) requirements. Technical Report NPS-
CS-07-001, Naval Postgraduate School, Monterey, California, December 2007.
[33] Paul C. Clark, Cynthia E. Irvine, Thuy Nguyen, Timothy E. Levin, Timothy M. Vidas, and David J.
Shifflett. SecureCore software architecture: SecureCore operating system (SCOS) functional spec-
ification. Technical Report NPS-CS-07-018, Naval Postgraduate School, Monterey, California, De-
cember 2007.
[34] D. S. Craven. A formal analysis of the MLS LAN: TCB-to-TCBE, session status, and TCBE-to-session server
protocols. Master’s thesis, Naval Postgraduate School, Monterey, California, September 2004.
[35] J. Cullum, C. E. Irvine, and T. E. Levin. Performance impact of connectivity restrictions and increased
vulnerability presence on automated attack graph generation. In ICIW 2007 2nd International Con-
ference on i-Warfare and Security, pages 33–46, Monterey, California, March 2007.
[36] J. J. Cullum. Performance analysis of automated attack graph generation software. Master’s thesis,
Naval Postgraduate School, Monterey, California, December 2006.
[37] W.R. Davis, J. Wilson, S. Mick, J. Xu, H. Hua, C. Mineo, A.M. Sule, M. Steer, and P.D. Franzon.
Demystifying 3D ICs: The Pros and Cons of Going Vertical. IEEE Design and Test of Computers,
22(6):498–510, Nov/Dec 2005.
[38] D. P. DeCloss. An analysis of Specware and its usefulness in the verification of high assurance
systems. Master’s thesis, Naval Postgraduate School, Monterey, California, June 2006.
[39] C. A. Dodge. Recommendations for secure initialization routines in operating systems. Master’s
thesis, Naval Postgraduate School, Monterey, California, September 2004.
[40] Catherine Dodge, Cynthia E. Irvine, and Thuy D. Nguyen. A study of initialization in Linux and
OpenBSD. Operating Systems Review, 39(2):79–93, 2005.
[41] B. T. Duong. Comparisons of attacks on honeypots with those on real networks. Master’s thesis,
Naval Postgraduate School, Monterey, California, March 2006.
[42] Chris Eagle and John L. Clark. Capture-the-flag: Learning computer security under fire. In Avoiding
Fear Uncertainty and Doubt Through Effective Security Education: Proceedings Sixth Workshop on
Education in Computer Security, pages 17–21, Monterey, California, July 2004.
[43] C. Eatinger. Testing automation tools for secure software development. Master’s thesis, Naval Post-
graduate School, Monterey, California, June 2007.
[44] M. Egan. An implementation of remote application support in a multilevel environment. Master’s
thesis, Naval Postgraduate School, Monterey, California, March 2006.
[45] J. Ellch. Fingerprinting 802.11 devices. Master’s thesis, Naval Postgraduate School, Monterey,
California, September 2006.
[46] Naomi Falby, J.D. Fulp, Paul C. Clark, R. Scott Cote, Cynthia E. Irvine, George W. Dinolt, Timothy E.
Levin, Matthew Rose, and Deborah Shifflett. Information assurance capacity building: A case study.
In Proceedings of the Colloquium on Information Systems Security Education, pages 31–36, June
2004.
[47] J.D. Fulp. Security Education and Critical Infrastructures, chapter
Training the Cyber-Warrior, pages 261–273. Kluwer Academic Publishers, 2003.
[48] J.D. Fulp. The bastion network project. In Cynthia E. Irvine, editor, Avoiding Fear Uncertainty and
Doubt Through Effective Security Education: Proceedings Sixth Workshop on Education in Computer
Security, pages 65–70, Monterey, California, July 2004.
[49] V. J. Galante. Feasibility of automating FIWC website noncompliance monitoring and enforcement
activities. Master’s thesis, Naval Postgraduate School, Monterey, California, June 2003.
[50] J. Guild. Scripting quality of security service (QoSS) safeguard measures for the suggested INFOCON
system. Master’s thesis, Naval Postgraduate School, Monterey, California, March 2004.
[51] J. R. Guild. Design and analysis of a model reconfigurable cyber-exercise laboratory (RCEL) for in-
formation assurance education. Master’s thesis, Naval Postgraduate School, Monterey, California,
March 2004.
[52] C. F. Herbig. Use of OpenSSH support for remote login to a multilevel secure system. Master’s thesis,
Naval Postgraduate School, Monterey, California, December 2004.
[53] A. T. Hilchie. A trusted path design and implementation for Security Enhanced Linux. Master’s thesis,
Naval Postgraduate School, Monterey, California, September 2004.
[54] J. F. Horn. IPsec-based dynamic security services for the MYSEA environment. Master’s thesis,
Naval Postgraduate School, Monterey, California, June 2005.
[55] W.M. Hu. Lattice scheduling and covert channels. In Proceedings of the 1992 IEEE Symposium on
Security and Privacy, Oakland, CA, May 1992.
[56] Ted Huffmire, Brett Brotherton, Nick Callegari, Jonathan Valamehr, Jeff White, Ryan Kastner, and
Tim Sherwood. Designing secure systems on reconfigurable hardware. ACM Transactions on Design
Automation of Electronic Systems (TODAES), 13(3), July 2008.
[57] Ted Huffmire, Brett Brotherton, Timothy Sherwood, Ryan Kastner, Timothy Levin, Thuy Nguyen,
and Cynthia Irvine. Managing security in FPGA-based embedded systems. IEEE Design and Test of
Computers, 25(6), November/December 2008.
[58] Ted Huffmire, Brett Brotherton, Gang Wang, Tim Sherwood, and Ryan Kastner. Moats and draw-
bridges: An isolation primitive for reconfigurable hardware based systems. In Proceedings of the
2007 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2007.
[59] Ted Huffmire, Shreyas Prasad, Tim Sherwood, and Ryan Kastner. Policy-driven memory protection
for reconfigurable systems. In Proceedings of the European Symposium on Research in Computer
Security (ESORICS), Hamburg, Germany, September 2006.
[60] Ted Huffmire, Timothy Sherwood, Ryan Kastner, and Timothy Levin. Enforcing memory policy
specifications in reconfigurable hardware. Computers & Security, 27(5-6), October 2008.
[61] C. Irvine, T. Levin, T. Nguyen, and G. Dinolt. The trusted computing exemplar project. In Pro-
ceedings of the 5th IEEE Systems, Man and Cybernetics Information Assurance Workshop, pages
109–115, West Point, NY, June 2004.
[62] C. E. Irvine and Karl Levitt. Trusted hardware: Can it be trustworthy? In Proc. Design Automation
Conference, pages 1–4, San Diego, CA, June 2007.
[63] Cynthia E. Irvine and Helen Armstrong. Security Education and Critical Infrastructures. Kluwer
Academic Publishers, 2003.
[64] Cynthia E. Irvine and Naomi B. Falby. Scholarship for service: IA tutorials and workshops for edu-
cators. Technical Report NPS-CS-05-005, Naval Postgraduate School, Monterey, California, March
2005.
[65] Cynthia E. Irvine, Timothy E. Levin, Thuy D. Nguyen, David Shifflett, Jean Khosalim, Paul C.
Clark, Albert Wong, Francis Afinidad, David Bibighaus, and Joseph Sears. Overview of a high
assurance architecture for distributed multilevel security. In Proceedings of the 2002 IEEE Workshop
on Information Assurance and Security, West Point, NY, June 2002.
[66] Cynthia E. Irvine and Michael F. Thompson. Expressing IS policy within a security simulation game.
In Avoiding Fear Uncertainty and Doubt Through Effective Security Education: Proceedings Sixth
Workshop on Education in Computer Security, pages 43–49, Monterey, California, July 2004.
[67] Philip Jacob, Okan Erdogan, Aamir Zia, Paul M. Belemjian, Russell P. Kraft, and John F. McDon-
ald. Predicting the performance of a 3D processor-memory chip stack. IEEE Design and Test of
Computers, 22(6):540–547, Nov/Dec 2005.
[68] K. W. Johns, Jr. Toward managing and automating CyberCIEGE scenario definition file creation. Mas-
ter’s thesis, Naval Postgraduate School, Monterey, California, March 2004.
[69] Taeho Kgil, Shaun D’Souza, Ali Saidi, Nathan Binkert, Ronald Dreslinski, Trevor Mudge, Steven
Reinhardt, and Krisztian Flautner. Picoserver: using 3D stacking technology to enable a compact
energy efficient chip multiprocessor. SIGARCH Comput. Archit. News, 34(5):117–128, 2006.
[70] Michael B. Kleiner, Stefan A. Kühn, and Werner Weber. Performance Improvement of the Memory
Hierarchy of RISC Systems by Applications of 3-D Technology. In ISCAS, pages 2305–2308, 1995.
[71] Lindsay Lack. Using the bootstrap concept to build an adaptable and compact subversion artifice.
Master’s thesis, Naval Postgraduate School, Monterey, California, June 2003.
[72] Claire Lavelle. A preliminary analysis for porting XML-based chat to MYSEA. M.S. thesis, Naval
Postgraduate School, Monterey, California, June 2008.
[73] T.E. Levin, C.E. Irvine, C. Weissman, and T.D. Nguyen. Analysis of three multilevel security archi-
tectures. In Proceedings of the First Computer Security Architecture Workshop (CSAW), Fairfax, VA,
November 2007.
[74] Timothy E. Levin, Ganesha Bhaskara, Thuy D. Nguyen, Paul C. Clark, Terry V. Benzel, and Cyn-
thia E. Irvine. SecureCore security architecture: Authority mode and emergency management. Tech-
nical Report NPS-CS-07-012, Naval Postgraduate School, Monterey, California, November 2007.
[75] Timothy E. Levin, Ganesha Bhaskara, Thuy D. Nguyen, Paul C. Clark, Terry V. Benzel, and Cyn-
thia E. Irvine. SecureCore security architecture: Authority mode and emergency management. Tech-
nical Report NPS-CS-07-012, Naval Postgraduate School, Monterey, California, October 2007.
[76] Timothy E. Levin and Paul C. Clark. A note regarding covert channels. In Cynthia E. Irvine, edi-
tor, Avoiding Fear Uncertainty and Doubt Through Effective Security Education: Proceedings Sixth
Workshop on Education in Computer Security, pages 11–15, Monterey, California, July 2004.
[77] Timothy E. Levin, Cynthia Irvine, and Thuy Nguyen. An analysis of three kernel-based multilevel
security architectures. Technical Report NPS-CS-07-003, Naval Postgraduate School, Monterey,
California, March 2006.
[78] Timothy E. Levin, Cynthia E. Irvine, Terry V. Benzel, Ganesha Bhaskara, Paul C. Clark, and Thuy D.
Nguyen. Design principles and guidelines for security. Technical Report NPS-CS-07-014, Naval
Postgraduate School, Monterey, California, 2007.
[79] Timothy E. Levin, Cynthia E Irvine, and Thuy D. Nguyen. A least privilege model for static separa-
tion kernels. Technical Report NPS-CS-05-003, Naval Postgraduate School, 2004.
[80] Timothy E. Levin, Cynthia E. Irvine, and Thuy D. Nguyen. Least privilege in separation kernels.
In Proceedings International Conference on Security and Cryptography, pages 355–362, Setubal,
Portugal, August 2006.
[81] Timothy E. Levin, Cynthia E. Irvine, and Evdoxia Spyropoulou. Quality of security service: Adaptive
security. In H. Bidgoli, editor, Handbook of Information Security, volume 3, pages 1016–1025. John
Wiley and Sons, Hoboken, NJ, January 2006.
[82] Timothy E. Levin, Cynthia E. Irvine, Clark Weissman, and Thuy D. Nguyen. Analysis of three
multilevel security architectures. In Proceedings 1st Computer Security Architecture Workshop, pages
37–46, Fairfax, VA, November 2007.
[83] Feihui Li, Chrysostomos Nicopoulos, Thomas Richardson, Yuan Xie, Vijaykrishnan Narayanan,
and Mahmut Kandemir. Design and Management of 3D Chip Multiprocessors Using Network-in-
Memory. Proceedings of the 33rd annual International Symposium on Computer Architecture (ISCA),
pages 130–141, July 2006.
[84] ARM Limited. ARM926EJ-S Technical Reference Manual, 2001-2008.
[85] Christianto C. Liu, Ilya Ganusov, Martin Burtscher, and Sandip Tiwari. Bridging the Processor-
Memory Performance Gap with 3D IC Technology. IEEE Design Test, 22(6):556–564, 2005.
[86] Gian Luca Loi, Banit Agrawal, Navin Srivastava, Sheng-Chih Lin, Timothy Sherwood, and Kaustav
Banerjee. A thermally-aware performance analysis of vertically integrated (3-D) processor-memory
hierarchy.
[87] Claude Massit and Nicolas Gerard. Three-dimensional multichip module. United States Patent no.
5,373,189, December 1994.
[88] N. A. Mikus. An analysis of disc carving techniques. Master’s thesis, Naval Postgraduate School,
Monterey, California, March 2005.
[89] Miura et al. A 195Gb/s 1.2W 3D-Stacked Inductive Inter-Chip Wireless Superconnect with Transmit
Power Control Scheme. In IEEE Int. Solid-State Circuits Conf. (ISSCC) Dig. Tech. Papers, pages
264–265, Feb 2005.
[90] D. S. Mueller. Authentication scenario for CyberCIEGE. Master’s thesis, Naval Postgraduate School,
Monterey, California, September 2005.
[91] E. J. Murphy. Counterintelligence through malicious code analysis. Master’s thesis, Naval Postgrad-
uate School, Monterey, California, June 2007.
[92] Jessica Murray. An exfiltration subversion demonstration. Master’s thesis, Naval Postgraduate
School, Monterey, California, June 2003.
[93] S. Mysore, B. Agrawal, S.C. Lin, N. Srivastava, K. Banerjee, and T. Sherwood. Introspective 3-D
chips. In Proceedings of the 12th International Conference on Architectural Support for Program-
ming Languages and Operating Systems (ASPLOS), San Jose, CA, October 2006.
[94] S. Mysore, B. Agrawal, S.C. Lin, N. Srivastava, K. Banerjee, and T. Sherwood. 3-D integration for
introspection. IEEE Micro, 27(1), January 2007.
[95] Shashidar Mysore, Banit Agrawal, Timothy Sherwood, Nisheeth Shrivastava, and Subash Suri. Pro-
filing over adaptive ranges. In Proceedings of the International Symposium on Code Generation and
Optimization (CGO’06), New York, NY, March 2006.
[96] Shashidhar Mysore, Banit Agrawal, Rodolfo Neuber, Timothy Sherwood, Nisheeth Shrivastava, and
Subash Suri. Formulating and implementing profiling over adaptive ranges. ACM Transactions on
Architecture and Code Optimization (TACO), To Appear.
[97] L. Nafaratte and L. Valverde. Secure wireless handoff. Master’s thesis, Naval Postgraduate School,
Monterey, California, June 2003.
[98] Thuy D. Nguyen, Timothy E. Levin, Cynthia E. Irvine, Terry V. Benzel, and Ganesha Bhaskara. Pre-
liminary security requirements for SecureCore hardware. Technical Report NPS-CS-06-014, Naval
Postgraduate School, Monterey, California, September 2006.
[99] R. J. Noonan. Vulnerability assessment of the SLC 5/05 programmable controller (U). Master’s thesis,
Naval Postgraduate School, Monterey, California, June 2005.
[100] Dag Arne Osvik, Adi Shamir, and Eran Tromer. Cache attacks and countermeasures: the case of AES:
(extended version). Technical report, Department of Computer Science and Applied Mathematics,
Weizmann Institute of Science, Rehovot 76100, Israel, October 2005.
[101] D. Page. Theoretical use of cache memory as a cryptanalytic side-channel. Technical Report CSTR-
02-003, Department of Computer Science, University of Bristol, June 2002.
[102] D. Page. Partitioned cache architecture as a side channel defence mechanism, 2005.
[103] Colin Percival. Cache missing for fun and profit. In Proceedings of BSDCan 2005, Ottowa, Canada,
May 2005.
[104] K. Q. Phan. Design and implementation of nfs for a multilevel secure system. Master’s thesis, Naval
Postgraduate School, Monterey, California, March 2004.
[105] D. A. Phelps. Alloy experiments for a least privilege separation kernel. Master’s thesis, Naval
Postgraduate School, Monterey, California, June 2007.
[106] M. Pohl. Experimentation and evaluation of ipv6 secure neighbor discovery protocol. Master’s thesis,
Naval Postgraduate School, Monterey, California, September 2007.
[107] A. D. Portner. A prototype of multilevel data integration in the MYSEA testbed. Master's thesis, Naval Postgraduate School, Monterey, California, September 2007.
[108] Kiran Puttaswamy and Gabriel H. Loh. Implementing Caches in a 3D Technology for High Performance Processors. In IEEE International Conference on Computer Design (ICCD) 2006, pages 525–532, October 2005.
[109] Kiran Puttaswamy and Gabriel H. Loh. Thermal analysis of a 3D die-stacked high-performance microprocessor. In Proceedings of the 16th ACM Great Lakes Symposium on VLSI, pages 19–24, May 2006.
[110] Jody Radowicz. Exploring fields with shift registers. Master's thesis, Naval Postgraduate School, Monterey, California, September 2006.
[111] Craig Rasmussen, Cynthia E. Irvine, George W. Dinolt, Timothy E. Levin, and Karen L. Burke. Security Education in Critical Infrastructures, chapter A Program for Education in Certification and Accreditation, pages 131–149. Kluwer Academic Publishers, Norwell, MA, 2003.
[112] J. Rogers. Secure distribution of open source information. Master's thesis, Naval Postgraduate School, Monterey, California, December 2004.
[113] D. Rowlands and T. Shumaker. Risk assessment of the Naval Postgraduate School gigabit network. Master's thesis, Naval Postgraduate School, Monterey, California, September 2004.
[114] K. Roy, S. Mukhopadhyay, and H. Mahmoodi-Meimand. Leakage current mechanisms and leakage reduction techniques in deep-submicrometer CMOS circuits. Proceedings of the IEEE, 91(2), February 2003.
[115] C. A. Ruppar. Identity theft prevention in CyberCIEGE. Master's thesis, Naval Postgraduate School, Monterey, California, December 2005.
[116] Paul Schoberg. Secure ground-based remote recording and archiving of aircraft "black box" data. Master's thesis, Naval Postgraduate School, Monterey, California, June 2003.
[117] Timothy Sherwood, Erez Perelman, Greg Hamerly, Suleyman Sair, and Brad Calder. Discovering and exploiting program phases. IEEE Micro: Micro's Top Picks from Computer Architecture Conferences (IEEE Micro top pick), November–December 2003.
[118] Timothy Sherwood, Erez Perelman, Greg Hamerly, and Brad Calder. Automatically characterizing large scale program behavior. In Proceedings of the Tenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), San Jose, CA, October 2002.
[119] Kaijian Shi and David Howard. Sleep transistor design and implementation: simple concepts yet challenges to be optimum. In IEEE VLSI-DAT, Taiwan, 2006.
[120] David J. Shifflett, Paul C. Clark, Cynthia E. Irvine, Thuy D. Nguyen, Timothy M. Vidas, and Timothy E. Levin. SecureCore software architecture: Trusted management layer (TML) kernel extension module interface specification. Technical Report NPS-CS-07-021, Naval Postgraduate School, Monterey, California, 2007.
[121] David J. Shifflett, Paul C. Clark, Cynthia E. Irvine, Thuy D. Nguyen, Timothy M. Vidas, and Timothy E. Levin. SecureCore software architecture: Trusted management layer (TML) kernel extension module integration guide. Technical Report NPS-CS-07-022, Naval Postgraduate School, Monterey, California, December 2007.
[122] N. Stauffer. An introduction to certification and accreditation for new accreditors. Master's thesis, Naval Postgraduate School, Monterey, California, June 2003.
[123] Donna Stewart. NetTop configuration. Master's thesis, Naval Postgraduate School, Monterey, California, June 2003.
[124] Lin Tan, Brett Brotherton, and Timothy Sherwood. Bit-split string-matching engines for intrusion detection and prevention. ACM Transactions on Architecture and Code Optimization (TACO), 3(1), June 2006.
[125] Lin Tan and Timothy Sherwood. A high throughput string matching architecture for intrusion detection and prevention. In Proceedings of the 32nd Annual International Symposium on Computer Architecture (ISCA'05), Madison, WI, June 2005.
[126] Thomas F. Tenhunen. Implementing an intrusion detection system in the MYSEA architecture. Master's thesis, Naval Postgraduate School, Monterey, California, June 2008.
[127] Mohit Tiwari, Hassan Wassel, Bita Mazloom, Shashidhar Mysore, Frederic Chong, and Timothy Sherwood. Complete information flow tracking from the gates up. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XIV), Washington, DC, March 2009.
[128] N. Topham and A. González. Randomized cache placement for eliminating conflicts. IEEE Transactions on Computers, 48, 1999.
[129] Yuh-Fang Tsai, Yuan Xie, N. Vijaykrishnan, and Mary Jane Irwin. Three-Dimensional Cache Design Exploration Using 3DCacti. In IEEE International Conference on Computer Design (ICCD). IEEE, October 2005.
[130] L. Tse. Feasibility study of VoIP integration into the MYSEA environment. Master's thesis, Naval Postgraduate School, Monterey, California, September 2005.
[131] Sonali Ubyakhar. Evaluation of program specification and verification systems. Master's thesis, Naval Postgraduate School, Monterey, California, June 2003.
[132] J. M. Urrea. An analysis of Linux RAM forensics. Master's thesis, Naval Postgraduate School, Monterey, California, March 2006.
[133] R. C. Vernon. A design for sensing the boot type of a trusted platform module enabled computer. Master's thesis, Naval Postgraduate School, Monterey, California, September 2005.
[134] Richard C. Vernon, Cynthia E. Irvine, and Timothy E. Levin. Toward a boot odometer. In Proceedings from the 7th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2006.
[135] Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167–187, 1996.
[136] Z. Wang and R. Lee. New cache designs for thwarting cache-based side channel attacks. In Proceedings of the 34th International Symposium on Computer Architecture, San Diego, CA, June 2007.
[137] K. C. Wiberg. Identifying supervisory control and data acquisition (SCADA) systems on a network via remote reconnaissance. Master's thesis, Naval Postgraduate School, Monterey, California, September 2006.
[138] B. Wiese. Preliminary analysis of a trusted platform module (TPM) initialization process. Master's thesis, Naval Postgraduate School, Monterey, California, June 2007.
[139] Jeannette M. Wing. Computational thinking. Communications of the ACM, 49(3):33–35, 2006.
[140] Annie Zeng, James Lu, Kenneth Rose, and Ronald J. Gutmann. First-Order Performance Prediction of Cache Memory with Wafer-Level 3D Integration. IEEE Design and Test of Computers, 22(6):548–555, November/December 2005.
[141] Lynne Ziegenhagen. Evaluating configuration management tools for high assurance software development projects. Master's thesis, Naval Postgraduate School, Monterey, California, June 2003.
[142] Ziptronix. 3D integration for mixed signal applications, 2002.
