Authentication Control Point and Its Implications For Secure Processor Design

Secure processor architecture enables tamper-proof protection on software that addresses many difficult security problems such as reverse-engineering prevention, trusted computing, secure mobile agents by providing a secure computing environment that is resistant to both physical tampering and software exploits. Two essential features offered by a secure processor are software encryption for protecting software privacy and integrity verification for preventing tampering of the protected software. Despite a number of secure processor designs have been proposed, the delicate relationship between privacy and integrity protection in the context of modern out-of-order processor design is not well understood. This paper aims to remedy this research deficiency by evaluating different designs that integrate software decryption and integrity verification into an out-of-order pipeline. Our paper provides an in-depth analysis of the security and performance trade-offs, implications of several designs in the context of memory fetch side-channel exploits. Among the evaluated spectrum of design alternatives are: (1) authentication-then-issue, (2) authentication-then-commit, (3) authentication-then-write, (4) authentication-then-fetch, and (5) authentication-then-commit + address obfuscation. Performance of various designs was evaluated using a cycle based processor model and SPEC 2000 benchmark suite