Research On Memory Confidentiality And Integrity Protection Technology

In most of the existing computer systems, the data is stored and transmitted in plaintextso that it is vulnerable to various attacks. As a key data carrier,the memory is particularlyimportant for secure system.To protect the off-chip memory,the basic idea is to protect itsconfidentiality and integrity. Confidentiality protection ensures the adversary cann’tunderstand the data he obtained, and integrity protection ensures that the system is able todetect the illegal tampering of data in a timely manner.In this paper, we first introduce the basic model of memory protection and three classicsystem architectures.Then we analysis the existing solutions of confidentiality protection andintegrity protection separately.By pointing the characteristics of the confidentiality andintegrity protection, we propose a new uniform protection scheme called PCIP (Parralelizedmemory Confidentiality and Integrity Protection technology)based on the PE-ICE. By addingredundant data into the protected data, we put the two parts of protection together. Comparedto the direct block encryption used in PE-ICE, we use the counter mode encryption in PCIP toachieve a greatly improve on encryption efficiency. In the same time, using redundant data toprotect the memory’s integrity also have a shorter latency than using complex hash algorithmto calculate the checksum value, finally，it makes sure that the encryption and integritychecking can be done in real-time.In order to reduce the on-chip memory overhead and make it more practical,we use twodifferent mechanisms to protect the off-chip CTR,named PCIP+BMT and PCIP_Tree. Both ofthe two methods have its own advantages and disadvantages, the former one can update thetree paralelly but serialized in check process. The latter the opposite.Finally, we use the SimpleScalar Tool to run10SPEC2K benchmark programs to test theproposed mechanisms.The result show that the PCIP method proposed in this paper is moreeffective than the PC-ICE. And the influence caused by using two tree protection mechanismsbased on the PCIP is little.