A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM"

Transcription

1 A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM BASED ON PHANTOM: PRACTICAL OBLIVIOUS COMPUTATION IN A SECURE PROCESSOR FROM CCS-2013! Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari Elaine Shi, Krste Asanovic, John Kubiatowicz, Dawn Song

2 Cryptographic Construct! A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM BASED ON PHANTOM: PRACTICAL OBLIVIOUS COMPUTATION IN A SECURE PROCESSOR FROM CCS-2013! High-performance, FPGA-based platform! Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari Elaine Shi, Krste Asanovic, John Kubiatowicz, Dawn Song Secure Processor!

3 Organizations move to the cloud E.g. government, financial/medical companies Raises privacy concerns for sensitive data

4 Attackers with Physical Access Chanpipat,!FreeDigitalPhotos.net! Malicious Employees Intruders Government Surveillance

5 Physical Attack Vectors E.g. replace DRAM DIMMs with NVDIMMs that have non-volatile storage to record accesses

6 Computation on Encrypted Data Sealed (tamper-proof), Remote attestation! CPU! encrypted! encrypted! DRAM! Hard!Drive,!etc.! e.g. Secure Processors (AEGIS, XOM, AISE-BMT), IBM Cryptographic Coprocessors, Intel SGX

7 Memory Address Leakage Sealed (tamper-proof), Remote attestation! CPU! Memory Addresses (plaintext)! DRAM! encrypted! encrypted! Hard!Drive,!etc.! Leaks e.g. transactions, subjects of surveillance/ audit, geolocations, OS fingerprints, crypto keys

8 A real-world example: SQLite Read database Physical Memory Address SELECT population FROM all counties in <Texas California> Texas California Loading database Query Memory Accesses (Time)

9 We want to prevent this information leakage In the context of a secure processor

10 Oblivious RAM (ORAM) Problem investigated since 1987 Originally for memory accesses of a processor, later for e.g. FSs, DBs,... Algorithms required MBs of trusted storage or complex ( Hardware)

11 Path ORAM (CCS 13, Best Paper) New algorithm by Stefanov et al. Low trusted storage requirement Simple enough to implement in hardware on a secure processor

12 Where s the problem? How hard can it be to put Path ORAM into a processor?

13 1. ORAM Microarchitecture Prior work algorithmic, ignores ORAM microarchitectural implementation ORAM needs to fully utilize resources You need to build it to find the details not apparent from the algorithm

14 2. Practicality on real system Want obliviousness for real systems Custom chips (ASICs) very expensive unless widely adopted There is a trend towards FPGA-based accelerators (programmable H/W)

15 PHANTOM: A Practical Oblivious Computing Platform Featuring an ORAM microarchitecture implemented on an FPGA platform

16 Overview 1. Overview & Attack Model 2. Path Oblivious RAM 3. The Oblivious Memory System 4. Building PHANTOM 5. Evaluation

17 PART I Attack Model and Deployment

18 PHANTOM Overview Data Center!! PHANTOM! Client!

19 Attack Model Our focus! Memory Traffic (data, addresses,...)!! Other digital (OS,...)! Analog (radiation, power,...)! Orthogonal!

20 PART II Path Oblivious RAM

21 Path Oblivious RAM Oblivious memory is divided into blocks:! A! B! C! D! E! F!! When accessing a block through Path ORAM! Request block! Read/write to requested block! Random appearing DRAM accesses!

22 Path Oblivious RAM 0! 0! D 1! 0! 1! 0! 1! C! 000! 001! 010! 011! 1! 0! 1! 0! 1! 0! 1! 100! 101! 110! 111! Position Map (secure)! Block&ID& Leaf&ID& A! 101!011! B! 011! C! 000! D! 010! E! 101! F! 010! B! F! A! E! Stash (secure)!

23 Required Stash Size Blocks stay behind in the stash How large does the stash have to be to never overflow? Bound known up to constant factors: determined constants empirically

24 PART III The Oblivious Memory System

25 The Oblivious Memory System! PHANTOM!

26 High-throughput Memory Design& Cycles& Basic!128bit! 34816! 8x!Memory!BW! 4352!?! Note: 1,000 cycles = 150 MHz AES counter mode! (ORAM Size 1GB, 17 level tree, 4KB blocks) Challenge: Memory Bandwidth

27 High-throughput Memory Design& Cycles& Basic!128bit! 34816! 8x!Memory!BW! 4352!?! Note: 1,000 cycles = 150 MHz AES counter mode! (ORAM Size 1GB, 17 level tree, 4KB blocks) Challenge: Keep up with memory

28 Writing Back Blocks?! Leaf&ID, & Block&Contents& 110! 0xcafecafecafecafecafecafecafe! 011! 0xcafecafecafecafecafecafecafe! 010!! 110! 111! 011! 110! 010! 111! 000! 000!! 110! For each node in the path, select an entry from the stash to write to it (or put a dummy).

29 Time to pick a block In our case, we have 32 cycles to pick the next block (otherwise we will stall the memory system). Examining all blocks takes C cycles for each block. stash size!

30 Picking from the full stash Design& Cycles& Basic!128bit! 34816! 8x!Memory!BW! 4352! 10880! Note: 1,000 cycles = 150 MHz (ORAM Size 1GB, 17 level tree, 4KB blocks) C cycles to select next block to write back, C = 128! Challenge: Keep up with memory

31 Adding a sorting step Design& Cycles& Basic!128bit! 34816! 8x!Memory!BW! 4352! 10880! C!log!C!SorNng! 5248! Note: 1,000 cycles = 150 MHz Sorting stage! (ORAM Size 1GB, 17 level tree, 4KB blocks) Challenge: Keep up with memory

32 Heap-based Sorting Insert! Extract! Design& Cycles& Basic!128bit! 34816! 8x!Memory!BW! 4352! 10880! C!log!C!SorNng! 5248! Fully!overlap! 4352! Note: 1,000 cycles = 150 MHz (ORAM Size 1GB, 17 level tree, 4KB blocks) Challenge: Keep up with memory

33 Timing Channels Operation is data-driven; risk to leak information from timing 1. Operation always take the maximum amount of time (avoiding large overheads) or are overlapped 2. Decouple DRAM timing variations Challenge: Side Channels

34 DRAM Buffer Absorb timing variations at periphery DRAM! Trust Boundary! DRAM!Buffer! Memory!Request! GeneraNon!Logic! Timing isolation& All!other!PHANTOM!state! (Stash,!Sorter,!AES!Units)! Address of path to access! Challenge: Side Channels

35 The Whole Picture More details can be found in the paper

36 PART IV Building PHANTOM

37 PHANTOM Prototype X86!Host! CPU! Management! Processor! FPGA! FPGA! FPGA!! FPGA! PHANTOM! Crossbar! MC! MC! MC! MC! MC! MC! MC! MC! Host!DRAM! Implemented on Convey HC-2ex platform

38 Integrated with RISC-V CPU X86!Host! Host!Interface! CPU! Management! Processor! FPGA! FPGA! FPGA! FPGA! PHANTOM! Crossbar! MC! MC! MC! MC! MC! MC! MC! MC! Host!DRAM! Developed by UC Berkeley s Architecture Group

39 PHANTOM Secure Processor Integrated a RISC-V CPU with ORAM Loads and runs real-world programs, including (in-memory) SQLite Not optimized for FPGA yet, very small cache sizes (4KB/4KB/8KB)

40 Implementation on the HC-2ex Use Convey development kit, bundles Convey and user logic into personality Implement Verilog module, interfaces with MCs, management unit, etc. Personality loaded by Convey runtime

41 ! & Convey Personality Workflow X86!Host! CPU! Management! Processor! FPGA! FPGA! FPGA! FPGA! Crossbar! Convey&RunBTime& init(personality);! copcall(foo,!a,!b);! do_work(...);! Host!DRAM! MC! MC! Management& MC! MC! Processor&Code& foo:!!!mov!%8,!$1,!%aeg!!!caep01.ae0!$0! MC! Shared!Regs! MC! MC! Dispatch! MC! Personality!Logic! Memory!Controllers! Using this to build two-way communication channel

42 Interaction with RISC-V CPU X86!Host! CPU! Management! Processor! FPGA! FPGA! FPGA! FPGA! Crossbar! FrontBend&Server& Load!programs! Execute!sysc calls!for!the! Host!DRAM! RISCcV!CPU!! MC! MC! Management& MC! MC! Processor&Glue& Write!values!to! shared!registers! Blocking!caep! & MC! Shared!Regs! MC! MC! Dispatch! MC! PHANTOM!(CPU+ORAM)! Memory!Controllers! RISC-V CPU runs independently but talks to host

43 ORAM Microarchitecture Fully implemented, except remote attestation and AES units ORAM controller tested/verified for millions of random ORAM accesses ORAM Block Size of 4KB (for now)

44 Implementation Challenges Many challenges and unknown details Min-heap, BRAM multiplexing, block headers, stash management, block caching, timing domains, inter-fpga communication, block buffering,...

45 Min-heap Implementation Need to write and look at two children at every step, running at 150 Mhz Pre-fetch four grandchildren to avoid long combinational path (read and write to BRAM in the same cycle)! Split into multiple BRAMs to avoid limitation to 2 ports!

46 Synthesized FPGA Design Virtex-6 LX760 FPGA!

47 PART V Evaluation

48 ORAM Access times Time per ORAM access (us) 40! 35! 30! 25! 20! 15! 10! 5! 0! 4719 cycles! 32x! 0! 1! 2! 3! 0! 1! 2! 3! 0! 1! 2! 3! 0! 1! 2! 3! 0! 1! 2! 3! 0! 1! 2! 3! 0! 1! 2! 3! 13! 14! 15! 16! 17! 18! 19! Row 1: ORAM size in levels (64MB-4GB) - Row 2: # cached levels (k) Total access time! 4352 cycles! 0.812us! Average of 1M ORAM accesses each (4KB) Time for read phase!

49 Application Performance sqlitecquery3! sqlitecquery2! sqlitecquery1! Simulation (Caches: 16KB/32KB/1MB) FPGA Prototype (Caches: 4KB/4KB/8KB) sqlitecwarmup! No ORAM 0! 2! 4! 6! 8! 10! 12! 14! 16! Execution Time normalized to no ORAM 20%-5.5x Overhead (1MB LLC) 1GB ORAM

50 Future Work Prototype is a starting point Integrate additional Path ORAM optimizations, HW/SW co-design Compiler/OS support to avoid ORAM accesses and reduce size of ORAMs

51 Conclusion Investigated ORAM microarchitecture to exploit high memory bandwidth PHANTOM: Make oblivious computation practical on existing hardware

52 Thank you! Any Questions?! Martin Maas, Eric Love, Emil Stefanov, Mohit Tiwari Elaine Shi, Krste Asanovic, John Kubiatowicz, Dawn Song {maas, ericlove, {krste, kubitron,

The Ascend Secure Processor. Christopher Fletcher MIT

The Ascend Secure Processor. Christopher Fletcher MIT The Ascend Secure Processor Christopher Fletcher MIT 1 Joint work with Srini Devadas, Marten van Dijk Ling Ren, Albert Kwon, Xiangyao Yu Elaine Shi & Emil Stefanov David Wentzlaff & Princeton Team (Mike,

More information

Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)

Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen

More information

Design and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas

Design and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas Design and Implementation of the Ascend Secure Processor Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas Agenda Motivation Ascend Overview ORAM for obfuscation Ascend:

More information

Memory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah

Memory Defenses. The Elevation from Obscurity to Headlines. Rajeev Balasubramonian School of Computing, University of Utah Memory Defenses The Elevation from Obscurity to Headlines Rajeev Balasubramonian School of Computing, University of Utah Image sources: pinterest, gizmodo 2 Spectre Overview Victim Code x is controlled

More information

Efficient Memory Integrity Verification and Encryption for Secure Processors

Efficient Memory Integrity Verification and Encryption for Secure Processors Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security

More information

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS

More information

TRASH DAY: COORDINATING GARBAGE COLLECTION IN DISTRIBUTED SYSTEMS

TRASH DAY: COORDINATING GARBAGE COLLECTION IN DISTRIBUTED SYSTEMS TRASH DAY: COORDINATING GARBAGE COLLECTION IN DISTRIBUTED SYSTEMS Martin Maas* Tim Harris KrsteAsanovic* John Kubiatowicz* *University of California, Berkeley Oracle Labs, Cambridge Why you should care

More information

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore The Problem Context:

More information

Tessellation: Space-Time Partitioning in a Manycore Client OS

Tessellation: Space-Time Partitioning in a Manycore Client OS Tessellation: Space-Time ing in a Manycore Client OS Rose Liu 1,2, Kevin Klues 1, Sarah Bird 1, Steven Hofmeyr 3, Krste Asanovic 1, John Kubiatowicz 1 1 Parallel Computing Laboratory, UC Berkeley 2 Data

More information

Multilevel Memories. Joel Emer Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology

Multilevel Memories. Joel Emer Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology 1 Multilevel Memories Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Based on the material prepared by Krste Asanovic and Arvind CPU-Memory Bottleneck 6.823

More information

Massively Parallel Hardware Security Platform

Massively Parallel Hardware Security Platform Massively Parallel Hardware Security Platform Dan Cvrček, Enigma Bridge, UK dan@enigmabridge.com Petr Švenda, CRoCS, Masaryk University, CZ svenda@fi.muni.cz Overview 1. Cryptography as a Service 2. Usage

More information

Making Searchable Encryption Scale to the Cloud. Ian Miers and Payman Mohassel

Making Searchable Encryption Scale to the Cloud. Ian Miers and Payman Mohassel Making Searchable Encryption Scale to the Cloud Ian Miers and Payman Mohassel End to end Encryption No encryption Transport encryption End2End Encryption Service provider Service provider Service provider

More information

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological

More information

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,

More information

Searchable Encryption Using ORAM. Benny Pinkas

Searchable Encryption Using ORAM. Benny Pinkas Searchable Encryption Using ORAM Benny Pinkas 1 Desiderata for Searchable Encryption Security No leakage about the query or the results Functionality Variety of queries that are supported Performance 2

More information

Chapter 5B. Large and Fast: Exploiting Memory Hierarchy

Chapter 5B. Large and Fast: Exploiting Memory Hierarchy Chapter 5B Large and Fast: Exploiting Memory Hierarchy One Transistor Dynamic RAM 1-T DRAM Cell word access transistor V REF TiN top electrode (V REF ) Ta 2 O 5 dielectric bit Storage capacitor (FET gate,

More information

SafeBricks: Shielding Network Functions in the Cloud

SafeBricks: Shielding Network Functions in the Cloud SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network

More information

Cache Side Channel Attacks on Intel SGX

Cache Side Channel Attacks on Intel SGX Cache Side Channel Attacks on Intel SGX Princeton University Technical Report CE-L2017-001 January 2017 Zecheng He Ruby B. Lee {zechengh, rblee}@princeton.edu Department of Electrical Engineering Princeton

More information

Obliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee

Obliviate: A Data Oblivious File System for Intel SGX. Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee Obliviate: A Data Oblivious File System for Intel SGX Adil Ahmad Kyungtae Kim Muhammad Ihsanulhaq Sarfaraz Byoungyoung Lee 1 Clouds? The Ultimate Dream? User Clouds 2 Clouds? The Ultimate Dream? User Clouds

More information

CS 152 Computer Architecture and Engineering. Lecture 7 - Memory Hierarchy-II

CS 152 Computer Architecture and Engineering. Lecture 7 - Memory Hierarchy-II CS 152 Computer Architecture and Engineering Lecture 7 - Memory Hierarchy-II Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!

More information

CS 152 Computer Architecture and Engineering. Lecture 7 - Memory Hierarchy-II

CS 152 Computer Architecture and Engineering. Lecture 7 - Memory Hierarchy-II CS 152 Computer Architecture and Engineering Lecture 7 - Memory Hierarchy-II Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste

More information

Improving Bandwidth Efficiency of Peer-to-Peer Storage

Improving Bandwidth Efficiency of Peer-to-Peer Storage Improving Bandwidth Efficiency of Peer-to-Peer Storage Patrick Eaton, Emil Ong, John Kubiatowicz University of California, Berkeley http://oceanstore.cs.berkeley.edu/ P2P Storage: Promise vs.. Reality

More information

Secure DIMM: Moving ORAM Primitives Closer to Memory

Secure DIMM: Moving ORAM Primitives Closer to Memory Secure DIMM: Moving ORAM Primitives Closer to Memory Ali Shafiee, Rajeev Balasubramonian, Feifei Li School of Computing University of Utah Salt Lake City, Utah, USA Email: {shafiee,rajeev,lifeifei}@cs.utah.edu

More information

6.857 L17. Secure Processors. Srini Devadas

6.857 L17. Secure Processors. Srini Devadas 6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);

More information

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing IoT Week 2014, 2014 06 17 Ignacio García Wellness Telecom Outline Welcome Motivation Objectives TRESCCA client platform SW framework for

More information

Exploring Timing Side-channel Attacks on Path-ORAMs

Exploring Timing Side-channel Attacks on Path-ORAMs Exploring Timing Side-channel Attacks on Path-ORAMs Chongxi Bao, and Ankur Srivastava Dept. of ECE, University of Maryland, College Park Email: {borisbcx, ankurs}@umd.edu Abstract In recent research, it

More information

Interfacing a High Speed Crypto Accelerator to an Embedded CPU

Interfacing a High Speed Crypto Accelerator to an Embedded CPU Interfacing a High Speed Crypto Accelerator to an Embedded CPU Alireza Hodjat ahodjat @ee.ucla.edu Electrical Engineering Department University of California, Los Angeles Ingrid Verbauwhede ingrid @ee.ucla.edu

More information

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing

More information

Secure Remote Storage Using Oblivious RAM

Secure Remote Storage Using Oblivious RAM Secure Remote Storage Using Oblivious RAM Giovanni Malloy Mentors: Georgios Kellaris, Kobbi Nissim August 11, 2016 Abstract Oblivious RAM (ORAM) is a protocol that allows a user to access the data she

More information

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model

More information

PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili

PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on Blaise-Pascal Tine Sudhakar Yalamanchili Outline Background: Memory Security Motivation Proposed Solution Implementation Evaluation Conclusion

More information

An introduction to SDRAM and memory controllers. 5kk73

An introduction to SDRAM and memory controllers. 5kk73 An introduction to SDRAM and memory controllers 5kk73 Presentation Outline (part 1) Introduction to SDRAM Basic SDRAM operation Memory efficiency SDRAM controller architecture Conclusions Followed by part

More information

Main Memory and the CPU Cache

Main Memory and the CPU Cache Main Memory and the CPU Cache CPU cache Unrolled linked lists B Trees Our model of main memory and the cost of CPU operations has been intentionally simplistic The major focus has been on determining

More information

Micro-Architectural Attacks and Countermeasures

Micro-Architectural Attacks and Countermeasures Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack

More information

Raccoon: Closing Digital Side-Channels through Obfuscated Execution

Raccoon: Closing Digital Side-Channels through Obfuscated Execution Raccoon: Closing Digital Side-Channels through Obfuscated Execution Ashay Rane, Calvin Lin, Mohit Tiwari The University of Texas at Austin Secure code? Instruction Pointer if (secret_bit == 1) { z = (msg

More information

Design space exploration and optimization of path oblivious RAM in secure processors

Design space exploration and optimization of path oblivious RAM in secure processors Design space exploration and optimization of path oblivious RAM in secure processors The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters.

More information

Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors

Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors Ling Ren, Xiangyao Yu, Christopher W. Fletcher, Marten van Dijk and Srinivas Devadas MIT CSAIL, Cambridge, MA, USA {renling,

More information

CS250 VLSI Systems Design Lecture 9: Patterns for Processing Units and Communication Links

CS250 VLSI Systems Design Lecture 9: Patterns for Processing Units and Communication Links CS250 VLSI Systems Design Lecture 9: Patterns for Processing Units and Communication Links John Wawrzynek, Krste Asanovic, with John Lazzaro and Yunsup Lee (TA) UC Berkeley Fall 2010 Unit-Transaction Level

More information

Sanctum: Minimal HW Extensions for Strong SW Isolation

Sanctum: Minimal HW Extensions for Strong SW Isolation CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &

More information

Chapter Seven. Memories: Review. Exploiting Memory Hierarchy CACHE MEMORY AND VIRTUAL MEMORY

Chapter Seven. Memories: Review. Exploiting Memory Hierarchy CACHE MEMORY AND VIRTUAL MEMORY Chapter Seven CACHE MEMORY AND VIRTUAL MEMORY 1 Memories: Review SRAM: value is stored on a pair of inverting gates very fast but takes up more space than DRAM (4 to 6 transistors) DRAM: value is stored

More information

CS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation

CS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation CS 152 Computer Architecture and Engineering Lecture 8 - Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!

More information

Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers

Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers 1 ASPLOS 2016 2-6 th April Amro Awad (NC State University) Pratyusa Manadhata (Hewlett Packard Labs) Yan Solihin (NC

More information

Trojan-tolerant Hardware & Supply Chain Security in Practice

Trojan-tolerant Hardware & Supply Chain Security in Practice Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge

More information

Secure RISC-V. A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex

Secure RISC-V. A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex Secure RISC-V A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex Shumpei Kawasaki, Murthy Vedula, Software Hardware Consulting Group Kesami Hagiwara, Cong-Kha Pham, University of Electro-Communications

More information

Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns

Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns Jonathan Dautrich, University of California, Riverside; Emil Stefanov, University of California, Berkeley; Elaine Shi, University of

More information

A Performance Puzzle: B-Tree Insertions are Slow on SSDs or What Is a Performance Model for SSDs?

A Performance Puzzle: B-Tree Insertions are Slow on SSDs or What Is a Performance Model for SSDs? 1 A Performance Puzzle: B-Tree Insertions are Slow on SSDs or What Is a Performance Model for SSDs? Bradley C. Kuszmaul MIT CSAIL, & Tokutek 3 iibench - SSD Insert Test 25 2 Rows/Second 15 1 5 2,, 4,,

More information

CS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation

CS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation CS 152 Computer Architecture and Engineering Lecture 9 - Address Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!

More information

William Stallings Computer Organization and Architecture 6th Edition. Chapter 5 Internal Memory

William Stallings Computer Organization and Architecture 6th Edition. Chapter 5 Internal Memory William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory Semiconductor Memory Types Semiconductor Memory RAM Misnamed as all semiconductor memory is random access

More information

SoftFlash: Programmable Storage in Future Data Centers Jae Do Researcher, Microsoft Research

SoftFlash: Programmable Storage in Future Data Centers Jae Do Researcher, Microsoft Research SoftFlash: Programmable Storage in Future Data Centers Jae Do Researcher, Microsoft Research 1 The world s most valuable resource Data is everywhere! May. 2017 Values from Data! Need infrastructures for

More information

CS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation

CS 152 Computer Architecture and Engineering. Lecture 8 - Address Translation CS 152 Computer Architecture and Engineering Lecture 8 - Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste!

More information

Moneta: A High-performance Storage Array Architecture for Nextgeneration, Micro 2010

Moneta: A High-performance Storage Array Architecture for Nextgeneration, Micro 2010 Moneta: A High-performance Storage Array Architecture for Nextgeneration, Non-volatile Memories Micro 2010 NVM-based SSD NVMs are replacing spinning-disks Performance of disks has lagged NAND flash showed

More information

Maximizing Server Efficiency from μarch to ML accelerators. Michael Ferdman

Maximizing Server Efficiency from μarch to ML accelerators. Michael Ferdman Maximizing Server Efficiency from μarch to ML accelerators Michael Ferdman Maximizing Server Efficiency from μarch to ML accelerators Michael Ferdman Maximizing Server Efficiency with ML accelerators Michael

More information

L9: Storage Manager Physical Data Organization

L9: Storage Manager Physical Data Organization L9: Storage Manager Physical Data Organization Disks and files Record and file organization Indexing Tree-based index: B+-tree Hash-based index c.f. Fig 1.3 in [RG] and Fig 2.3 in [EN] Functional Components

More information

AMD Opteron Processors In the Cloud

AMD Opteron Processors In the Cloud AMD Opteron Processors In the Cloud Pat Patla Vice President Product Marketing AMD DID YOU KNOW? By 2020, every byte of data will pass through the cloud *Source IDC 2 AMD Opteron In The Cloud October,

More information

EE 457 Unit 7b. Main Memory Organization

EE 457 Unit 7b. Main Memory Organization 1 EE 457 Unit 7b Main Memory Organization 2 Motivation Organize main memory to Facilitate byte-addressability while maintaining Efficient fetching of the words in a cache block Low order interleaving (L.O.I)

More information

Efficient Data Structures for Tamper-Evident Logging

Efficient Data Structures for Tamper-Evident Logging Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances

More information

BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX

BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX BUILDING SECURE (CLOUD) APPLICATIONS USING INTEL S SGX FLORIAN KERSCHBAUM, UNIVERSITY OF WATERLOO JOINT WORK WITH BENNY FUHRY (SAP), ANDREAS FISCHER (SAP) AND MANY OTHERS DO YOU TRUST YOUR CLOUD SERVICE

More information

Catapult: A Reconfigurable Fabric for Petaflop Computing in the Cloud

Catapult: A Reconfigurable Fabric for Petaflop Computing in the Cloud Catapult: A Reconfigurable Fabric for Petaflop Computing in the Cloud Doug Burger Director, Hardware, Devices, & Experiences MSR NExT November 15, 2015 The Cloud is a Growing Disruptor for HPC Moore s

More information

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic

More information

Isolating Operating System Components with Intel SGX

Isolating Operating System Components with Intel SGX SysTEX 16 Trento, Italy Isolating Operating System Components with Intel SGX Lars Richter, Johannes Götzfried, Tilo Müller Department of Computer Science FAU Erlangen-Nuremberg, Germany December 12, 2016

More information

EE382V: System-on-a-Chip (SoC) Design

EE382V: System-on-a-Chip (SoC) Design EE382V: System-on-a-Chip (SoC) Design Lecture 10 Task Partitioning Sources: Prof. Margarida Jacome, UT Austin Prof. Lothar Thiele, ETH Zürich Andreas Gerstlauer Electrical and Computer Engineering University

More information

Cooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings

Cooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings 2017 IEEE International Symposium on High Performance Computer Architecture Cooperative Path-ORAM for Effective Memory Bandwidth Sharing in Server Settings Rujia Wang Youtao Zhang Jun Yang Electrical and

More information

Securing Cloud-assisted Services

Securing Cloud-assisted Services Securing Cloud-assisted Services N. Asokan http://asokan.org/asokan/ @nasokan Services are moving to the cloud http://dilbert.com/strip/2012-05-25 2 Services are moving to the cloud Example: cloud-based

More information

Computer Architecture A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved.

Computer Architecture A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved. Computer Architecture A Quantitative Approach, Fifth Edition Chapter 2 Memory Hierarchy Design 1 Introduction Programmers want unlimited amounts of memory with low latency Fast memory technology is more

More information

PACE: Power-Aware Computing Engines

PACE: Power-Aware Computing Engines PACE: Power-Aware Computing Engines Krste Asanovic Saman Amarasinghe Martin Rinard Computer Architecture Group MIT Laboratory for Computer Science http://www.cag.lcs.mit.edu/ PACE Approach Energy- Conscious

More information

DIY Hosting for Online Privacy

DIY Hosting for Online Privacy DIY Hosting for Online Privacy Shoumik Palkar and Matei Zaharia Stanford University Appeared at HotNets 2017 Before: A Federated Internet The Internet and its protocols were designed to be federated Organizations

More information

CS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation

CS 152 Computer Architecture and Engineering. Lecture 9 - Address Translation CS 152 Computer Architecture and Engineering Lecture 9 - Address Translation Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste

More information

Organization. 5.1 Semiconductor Main Memory. William Stallings Computer Organization and Architecture 6th Edition

Organization. 5.1 Semiconductor Main Memory. William Stallings Computer Organization and Architecture 6th Edition William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory 5.1 Semiconductor Main Memory 5.2 Error Correction 5.3 Advanced DRAM Organization 5.1 Semiconductor Main Memory

More information

arxiv: v1 [cs.ar] 4 Nov 2016

arxiv: v1 [cs.ar] 4 Nov 2016 Flat ORAM: A Simplified Write-Only Oblivious RAM Construction for Secure Processor Architectures Syed Kamran Haider University of Connecticut Email: syed.haider@uconn.edu Marten van Dijk University of

More information

Hardware Acceleration for Tagging

Hardware Acceleration for Tagging Parallel Hardware Parallel Applications IT industry (Silicon Valley) Parallel Software Users Hardware Acceleration for Tagging Sarah Bird, David McGrogan, John Kubiatowicz, Krste Asanovic June 5, 2008

More information

Jian Liu, Sara Ramezanian

Jian Liu, Sara Ramezanian CloSer WP2: Privacyenhancing Technologies Jian Liu, Sara Ramezanian Overview Seek to understand how user privacy is impacted by cloud-assisted security services Develop a suite of privacy-enhancing technologies

More information

Copyright 2012, Elsevier Inc. All rights reserved.

Copyright 2012, Elsevier Inc. All rights reserved. Computer Architecture A Quantitative Approach, Fifth Edition Chapter 2 Memory Hierarchy Design 1 Introduction Programmers want unlimited amounts of memory with low latency Fast memory technology is more

More information

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases

More information

Hardware Acceleration for Cryptographic Functions

Hardware Acceleration for Cryptographic Functions Hardware Acceleration for Cryptographic Functions (AES Algorithm) By: Ahmed Moussa Outline Introduction Why Accelerate Cryptographic Functions? Why Hardware Acceleration? Approaches Literature Review Problem

More information

Scalable and Dynamically Updatable Lookup Engine for Decision-trees on FPGA

Scalable and Dynamically Updatable Lookup Engine for Decision-trees on FPGA Scalable and Dynamically Updatable Lookup Engine for Decision-trees on FPGA Yun R. Qu, Viktor K. Prasanna Ming Hsieh Dept. of Electrical Engineering University of Southern California Los Angeles, CA 90089

More information

Persistent Memory. High Speed and Low Latency. White Paper M-WP006

Persistent Memory. High Speed and Low Latency. White Paper M-WP006 Persistent Memory High Speed and Low Latency White Paper M-WP6 Corporate Headquarters: 3987 Eureka Dr., Newark, CA 9456, USA Tel: (51) 623-1231 Fax: (51) 623-1434 E-mail: info@smartm.com Customer Service:

More information

Trojan-tolerant Hardware

Trojan-tolerant Hardware Trojan-tolerant Hardware + Supply Chain Security in Practice Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge Who we are Vasilios Mavroudis Doctoral Researcher, UCL George Danezis

More information

Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM

Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM Christopher W. Fletcher, Ling Ren, Albert Kwon, Marten van Dijk, Srinivas Devadas Massachusetts Institute

More information

The T0 Vector Microprocessor. Talk Outline

The T0 Vector Microprocessor. Talk Outline Slides from presentation at the Hot Chips VII conference, 15 August 1995.. The T0 Vector Microprocessor Krste Asanovic James Beck Bertrand Irissou Brian E. D. Kingsbury Nelson Morgan John Wawrzynek University

More information

Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi

Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institute of Technology, Delhi Lecture - 13 Virtual memory and memory management unit In the last class, we had discussed

More information

Introduction to Microprocessor

Introduction to Microprocessor Introduction to Microprocessor Slide 1 Microprocessor A microprocessor is a multipurpose, programmable, clock-driven, register-based electronic device That reads binary instructions from a storage device

More information

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis

More information

DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric

DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric Mingyu Gao, Christina Delimitrou, Dimin Niu, Krishna Malladi, Hongzhong Zheng, Bob Brennan, Christos Kozyrakis ISCA June 22, 2016 FPGA-Based

More information

Views of Memory. Real machines have limited amounts of memory. Programmer doesn t want to be bothered. 640KB? A few GB? (This laptop = 2GB)

Views of Memory. Real machines have limited amounts of memory. Programmer doesn t want to be bothered. 640KB? A few GB? (This laptop = 2GB) CS6290 Memory Views of Memory Real machines have limited amounts of memory 640KB? A few GB? (This laptop = 2GB) Programmer doesn t want to be bothered Do you think, oh, this computer only has 128MB so

More information

BERKELEY PAR LAB. RAMP Gold Wrap. Krste Asanovic. RAMP Wrap Stanford, CA August 25, 2010

BERKELEY PAR LAB. RAMP Gold Wrap. Krste Asanovic. RAMP Wrap Stanford, CA August 25, 2010 RAMP Gold Wrap Krste Asanovic RAMP Wrap Stanford, CA August 25, 2010 RAMP Gold Team Graduate Students Zhangxi Tan Andrew Waterman Rimas Avizienis Yunsup Lee Henry Cook Sarah Bird Faculty Krste Asanovic

More information

Towards Performance Modeling of 3D Memory Integrated FPGA Architectures

Towards Performance Modeling of 3D Memory Integrated FPGA Architectures Towards Performance Modeling of 3D Memory Integrated FPGA Architectures Shreyas G. Singapura, Anand Panangadan and Viktor K. Prasanna University of Southern California, Los Angeles CA 90089, USA, {singapur,

More information

Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol

Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol Protecting Private Data in the Cloud: A Path Oblivious RAM Protocol Nathan Wolfe and Ethan Zou Mentors: Ling Ren and Xiangyao Yu Fourth Annual MIT PRIMES Conference May 18, 2014 Outline 1. Background 2.

More information

Cache Performance and Memory Management: From Absolute Addresses to Demand Paging. Cache Performance

Cache Performance and Memory Management: From Absolute Addresses to Demand Paging. Cache Performance 6.823, L11--1 Cache Performance and Memory Management: From Absolute Addresses to Demand Paging Asanovic Laboratory for Computer Science M.I.T. http://www.csg.lcs.mit.edu/6.823 Cache Performance 6.823,

More information

Reduced Instruction Set Computers

Reduced Instruction Set Computers Reduced Instruction Set Computers The acronym RISC stands for Reduced Instruction Set Computer. RISC represents a design philosophy for the ISA (Instruction Set Architecture) and the CPU microarchitecture

More information

Ingo Brenckmann Jochen Kirsten Storage Technology Strategists SAS EMEA Copyright 2003, SAS Institute Inc. All rights reserved.

Ingo Brenckmann Jochen Kirsten Storage Technology Strategists SAS EMEA Copyright 2003, SAS Institute Inc. All rights reserved. Intelligent Storage Results from real life testing Ingo Brenckmann Jochen Kirsten Storage Technology Strategists SAS EMEA SAS Intelligent Storage components! OLAP Server! Scalable Performance Data Server!

More information

EVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach

EVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach EVT/WOTE 09 AUGUST 10, 2009 Ersin Öksüzoğlu Dan S. Wallach VoteBox Full featured DRE voting machine Paper in USENIX Security Symposium 2008 2 Pre-rendered user interface simplifies the graphics subsystem

More information

EECS150 - Digital Design Lecture 09 - Parallelism

EECS150 - Digital Design Lecture 09 - Parallelism EECS150 - Digital Design Lecture 09 - Parallelism Feb 19, 2013 John Wawrzynek Spring 2013 EECS150 - Lec09-parallel Page 1 Parallelism Parallelism is the act of doing more than one thing at a time. Optimization

More information

CS 152 Computer Architecture and Engineering. Lecture 6 - Memory

CS 152 Computer Architecture and Engineering. Lecture 6 - Memory CS 152 Computer Architecture and Engineering Lecture 6 - Memory Krste Asanovic Electrical Engineering and Computer Sciences University of California at Berkeley http://www.eecs.berkeley.edu/~krste! http://inst.eecs.berkeley.edu/~cs152!

More information

LECTURE 5: MEMORY HIERARCHY DESIGN

LECTURE 5: MEMORY HIERARCHY DESIGN LECTURE 5: MEMORY HIERARCHY DESIGN Abridged version of Hennessy & Patterson (2012):Ch.2 Introduction Programmers want unlimited amounts of memory with low latency Fast memory technology is more expensive

More information

IBM Network Processor, Development Environment and LHCb Software

IBM Network Processor, Development Environment and LHCb Software IBM Network Processor, Development Environment and LHCb Software LHCb Readout Unit Internal Review July 24 th 2001 Niko Neufeld, CERN 1 Outline IBM NP4GS3 Architecture A Readout Unit based on the NP4GS3

More information

Towards Practical Differential Privacy for SQL Queries. Noah Johnson, Joseph P. Near, Dawn Song UC Berkeley

Towards Practical Differential Privacy for SQL Queries. Noah Johnson, Joseph P. Near, Dawn Song UC Berkeley Towards Practical Differential Privacy for SQL Queries Noah Johnson, Joseph P. Near, Dawn Song UC Berkeley Outline 1. Discovering real-world requirements 2. Elastic sensitivity & calculating sensitivity

More information