CAREER: Architectural Support for Parallel Execution as a Continuum of Transactions (ASPECT)

Issued as final reportNational Science Foundation (U.S.

Bus Encryption and Authentication Unit for Symmetric Shared Memory Multiprocessor Sytem Using GCM-AES

Hardware security mechanisms in uniprocessor and multiprocessor systems have been proposed to safeguard information more efficiently. This work presents a secure architecture model for a symmetric shared memory multiprocessor (SMP) to safeguard the cache-to-cache transfers. This work proposes a hardware security mechanism, which employs Galois Counter Mode (GCM) of advanced encryption standard (AES) and modifies it to work in an SMP environment. The work focuses on why GCM is a better choice over cipher block chaining mode (CBC) which is used in current state of the art systems. It estimates the storage required by the additional hardware unit in both modes of operation. A full system SMP simulation quantifies the performance overhead introduced by the additional hardware unit in both schemes to safeguard the cache-to-cache transfers. The impact of increasing cache line sizes and the effect of varying throughput of the AES units in both the schemes is studied. Results show that a performance gain in the range of 4X-9X over the CBC scheme is achieved by using GCM mode of operation. The work shows that the throughput of the AES design has a greater impact on the performance of the CBC scheme. The performance loss is very high in CBC scheme with a lower throughput of the AES design compared to GCM. The performance in CBC scheme varies according to the authentication interval while authentication interval does not affect the GCM scheme, thus providing higher security. The presented work using GCM consumes less space on chip providing the same level of security as in the CBC scheme.School of Electrical & Computer Engineerin

Architectural support for enhancing security in clusters

Cluster computing has emerged as a common approach for providing more comput- ing and data resources in industry as well as in academia. However, since cluster computer developers have paid more attention to performance and cost e±ciency than to security, numerous security loopholes in cluster servers come to the forefront. Clusters usually rely on ¯rewalls for their security, but the ¯rewalls cannot prevent all security attacks; therefore, cluster systems should be designed to be robust to security attacks intrinsically. In this research, we propose architectural supports for enhancing security of clus- ter systems with marginal performance overhead. This research proceeds in a bottom- up fashion starting from enforcing each cluster component's security to building an integrated secure cluster. First, we propose secure cluster interconnects providing con- ¯dentiality, authentication, and availability. Second, a security accelerating network interface card architecture is proposed to enable low performance overhead encryption and authentication. Third, to enhance security in an individual cluster node, we pro- pose a secure design for shared-memory multiprocessors (SMP) architecture, which is deployed in many clusters. The secure SMP architecture will provide con¯dential communication between processors. This will remove the vulnerability of eavesdrop- ping attacks in a cluster node. Finally, to put all proposed schemes together, we propose a security/performance trade-o® model which can precisely predict performance of an integrated secure cluster

Efficient Data Protection for Distributed Shared Memory Multiprocessors

Data security in computer systems has recently become an increasing concern, and hardware-based attacks have emerged. As a result, researchers have investigated hardware encryption and authentication mechanisms as a means of addressing this security concern. Unfortunately, no such techniques have been investigated for Distributed Shared Memory (DSM) multiprocessors, and previously proposed techniques for uni-processor and Symmetric Multiprocessor (SMP) systems cannot be directly used for DSMs. This work is the first to examine the issues involved in protecting secrecy and integrity of data in DSM systems. We first derive security requirements for processor-processor communication in DSMs, and find that different types of coherence messages need different protection. Then we propose and evaluate techniques to provide efficient encryption and authentication of the data in DSM systems. Our simulation results using SPLASH-2 benchmarks show that the execution time overhead for our three proposed approaches is small and ranges from 6 % to 8 % on a 16-processor DSM system, relative to a similar DSM without support for data secrecy and integrity