IVEC: Off-Chip Memory Integrity Protection for Both Security and Reliability Ruirui Huang, G. Edward Suh Cornell University


Motivation

[Table: ECC, Integrity Verification (IV) and IV+ECC compared on random error detection, malicious attack detection and random error correction; the cell entries did not survive extraction.]

[Figure: a processor and off-chip memory. Random transient errors are paired with ECC and its ECC parity; malicious attacks are paired with IV and its IV hash.]

It’s easy to compute the ECC parity bits for the injected attack data.

Execution is aborted when IV fails.

Twice the overhead for random error detection!!


IVEC – Integrity Verification with Error Correction

Goal:
• Extend IV to correct errors while ensuring a proper level of security
• Cover both single-bit and multi-bit errors

Challenge:
• Error correction is essentially finding the erroneous bits
• Cryptographic hash in IV does not reveal error locations

Can we extend the capability of IV to handle both security and reliability errors with minimal overheads?


Outline

Background
• ECC
• Integrity Verification (IV)

IVEC error correction
• Single-bit errors
• Multi-bit errors

HW Implementation

Evaluation


ECC (SEC-DED)

In general, a modern system uses (72, 64) SEC-DED ECC
• For every 64 bits of data, 8 additional parity bits are needed
• Memory space and bandwidth overheads of 12.5%
• Corrects 1-bit errors

[Figure: ECC DIMM (18 x4 DRAM chips, DRAM1 to DRAM18) holding a 72-bit SEC-DED ECC word; two extra DRAM chips for the 8-bit parity of ECC.]

ECC can be extended to correct common multi-bit errors

Chip-kill correct: correct up to one DRAM chip failure


Cryptographic Hash

IV relies on a cryptographic hash to detect any changes to data saved in untrusted memory

• Fixed-length “fingerprint” of the data

• Collision resistance is a key property

A Message Authentication Code (MAC) is a keyed cryptographic hash that can also be used for IV

[Figure: data (d) stored with its hash (h). On data access, check if h == H(d).]


IV - Hash/MAC Trees

Integrity verification techniques often rely on hash/MAC trees
• Any changes in data memory would be detected

[Figure: hash tree over the protected data in memory, drawn in units the size of a cache block. The root hash H(h1 || h2 || h3 || h4) is in the processor; h1, h2, h3, h4 and the rest of the tree are in off-chip memory.]

Previous works suggest that IV’s performance overhead is only 2-5% when using Cached MAC Trees


Single-bit Error Model

• A single-bit error in a cache block (64B)
• Error is detected by checking the computed hash value against the hash value stored on-chip

[Figure: DIMM1 to DIMM4, each with DRAM1 to DRAM16, supplying the 1st read-block (256 bits) and the 2nd read-block (256 bits). 64B cache block, 256 bits per read-block (2 read-blocks required to fill 1 cache block).]


Single-bit Error Correction

Correction as a search problem
• Flip one bit at a time for all possible combinations, and check if the new value passes the integrity verification

[Figure: the two 256-bit read-blocks across DIMM1 to DIMM4 (DRAM1 to DRAM16 each); a flipped bit position steps through the block until a candidate passes verification, marked "Corrected!". 64B cache block, 256 bits per read-block (2 reads required to fill 1 cache block).]
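The search described on this slide, as an added Python sketch that is not from the IVEC authors. It also shows the failure case: an error that is not a single-bit flip uses up all 512 attempts and is reported as uncorrectable, which is where execution is aborted. Assumptions: HMAC-SHA256 truncated to 64 bits stands in for the hardware MAC, and the key, block contents and function names are constructed for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # constructed key, for illustration only
BLOCK_BITS = 512                   # 64B cache block

def mac64(block: bytes) -> bytes:
    """64-bit tag; truncated HMAC-SHA256 is an assumed stand-in for the hardware MAC."""
    return hmac.new(KEY, block, hashlib.sha256).digest()[:8]

def flip_bit(block: bytes, i: int) -> bytes:
    """Return a copy of block with bit i inverted."""
    out = bytearray(block)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def correct_single_bit(block: bytes, tag: bytes):
    """Return (block, attempts); block is None when no single flip verifies."""
    if hmac.compare_digest(mac64(block), tag):
        return block, 0                      # verification passed, nothing to do
    for i in range(BLOCK_BITS):              # at most 512 correction attempts
        candidate = flip_bit(block, i)
        if hmac.compare_digest(mac64(candidate), tag):
            return candidate, i + 1
    return None, BLOCK_BITS                  # uncorrectable: treat as an integrity violation

GOOD = bytes(range(64))                      # constructed 64-byte cache block
TAG = mac64(GOOD)                            # tag as it would be held in the verified MAC tree

if __name__ == "__main__":
    fixed, n = correct_single_bit(flip_bit(GOOD, 300), TAG)
    print("single-bit error corrected:", fixed == GOOD, "after", n, "attempts")
    fixed, n = correct_single_bit(flip_bit(flip_bit(GOOD, 3), 400), TAG)
    print("two-bit error:", fixed, "after", n, "attempts")
```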


Multi-bit Error Model

Any bits in one DRAM chip can fail in each read-block
• Similar to chip-kill correct

[Figure: DIMM1 to DIMM4, each with DRAM1 to DRAM16, supplying the 1st read-block (256 bits) and the 2nd read-block (256 bits). 64B cache block, 256 bits per read-block (2 reads required to fill 1 cache block).]


IVEC Error Correction with Parity

Each parity bit covers one bit from every DRAM chip in a read-block
• x4 DRAM: 4 parity bits per read-block

[Figure: DIMM1 to DIMM4, DRAM1 to DRAM16. In the 1st read-block (256 bits) the bits of each chip are labelled P1 P2 P3 P4; in the 2nd read-block (256 bits) they are labelled P5 P6 P7 P8. 64B cache block, 256 bits per read-block (2 reads required to fill 1 cache block), 8 parity bits.]


IVEC Correction with Parity

Use parity bits to guide our correction search
• Correction scheme can be extended with more or fewer parity bits
• For hard faults, start searching from recent error locations

[Figure: the two 256-bit read-blocks across DIMM1 to DIMM4 (DRAM1 to DRAM16 each), with chip bits labelled P1 to P4 in the 1st read-block and P5 to P8 in the 2nd; candidate chip positions are tried until one passes verification, marked "Corrected!". 64B cache block, 256 bits per read-block (2 reads required to fill 1 cache block), 8 parity bits.]
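Parity-guided correction for the x4 case on these two slides, as an added Python sketch that is not from the IVEC authors. The stored parity gives the error pattern inside the failed chip, so only the chip position in each read-block is searched (at most 64 x 64 = 4096 candidates), and damage that does not fit the one-chip-per-read-block model ends as an integrity violation. Assumptions: each chip supplies one nibble of the 256-bit read-block, HMAC-SHA256 truncated to 64 bits stands in for the hardware MAC, and the key, data and function names are constructed.

```python
import hashlib
import hmac
from itertools import product

KEY = b"constructed-demo-key"   # constructed key, for illustration only
CHIPS = 64                      # x4 chips feeding one 256-bit read-block (4 DIMMs x 16)
RB = 32                         # read-block size in bytes

def mac64(block: bytes) -> bytes:
    """64-bit tag; truncated HMAC-SHA256 is an assumed stand-in for the hardware MAC."""
    return hmac.new(KEY, block, hashlib.sha256).digest()[:8]

def parity(rb: bytes) -> int:
    """4 parity bits: bit j is the XOR of bit j of every chip (chip = one nibble, assumed)."""
    p = 0
    for byte in rb:
        p ^= (byte & 0xF) ^ (byte >> 4)
    return p

def xor_chip(rb: bytes, chip: int, pattern: int) -> bytes:
    """Apply a 4-bit XOR pattern to the nibble supplied by one chip."""
    out = bytearray(rb)
    out[chip // 2] ^= pattern << (4 * (chip % 2))
    return bytes(out)

def correct(block: bytes, tag: bytes, stored: tuple):
    """stored = parity of each read-block at write-back. Returns (block or None, attempts)."""
    halves = (block[:RB], block[RB:])
    # Syndrome = the error pattern inside the failed chip; 0 means the read-block looks clean.
    synd = [parity(h) ^ p for h, p in zip(halves, stored)]
    chips = [range(CHIPS) if s else (None,) for s in synd]
    attempts = 0
    for pick in product(*chips):             # worst case 64 * 64 = 4096 candidates
        cand = b"".join(h if c is None else xor_chip(h, c, s)
                        for h, c, s in zip(halves, pick, synd))
        attempts += 1
        if hmac.compare_digest(mac64(cand), tag):
            return cand, attempts
    return None, attempts                    # no candidate verifies: integrity violation

GOOD = bytes((7 * i + 1) % 256 for i in range(64))      # constructed cache block
TAG, PAR = mac64(GOOD), (parity(GOOD[:RB]), parity(GOOD[RB:]))

def chip_failure(block: bytes, rb: int, chip: int, pattern: int) -> bytes:
    """Constructed fault: one chip returns wrong bits in read-block rb (0 or 1)."""
    h = [block[:RB], block[RB:]]
    h[rb] = xor_chip(h[rb], chip, pattern)
    return h[0] + h[1]
```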


Parity Handling

Parity bits are stored in regular memory space

Parity bits are not needed for reads unless there is an error
• They are only updated on write-back operations
• Decoupled error detection and correction

A parity cache can be used to load and store parity bits when necessary


IVEC Hardware Implementation

Blue – new blocks for IVEC

Yellow – already exist in a system with IV

[Figure: block diagram of the IVEC hardware. Labelled blocks: IVEC Control, Parity Cache, Correction Buffer, Counter Cache, L2 Cache, AES, GF Multiply, Check, LDQ, IV Queue, Data Queue, MACQ. Labelled paths: parent MAC from cache, to memory, from memory, to L2, result to control.]


Error Detection

IV detects any error pattern unless there is a hash/MAC collision

Error detection probability depends on the length of the hash/MAC

• ↑ hash/MAC length, ↓ collision rate
• For example, a 64-bit MAC has a 1/2^64 collision rate


Error Correction

Mis-correction happens if there is a hash/MAC collision on a correction attempt

• Every time a hash is recomputed for a possible correction (correction attempt), there is a chance of a collision

• ↑ number of correction attempts, ↑ mis-correction rate

Security is weakened by correction attempts
• An integrity violation is not detected on a mis-correction
• ↑ number of correction attempts, ↓ security

Correction latency
• GMAC: 4-8 cycles per correction attempt


Worst-Case Numbers

Maximum number of correction attempts (512-bit cache block, 256-bit read-block)

Parity     Single-bit Error         Multi-bit Error
           x4      x8      x16      x4      x8      x16     (DRAM chip width)
None       512     512     512      2^20    2^26    2^40
4 bits     128     128     128      2^16    2^22    2^36
8 bits     64      64      64       4096    2^18    2^32
16 bits    32      32      32       1024    1024    2^24
32 bits    16      16      16       256     256     256

Callouts on the table:
• Security is reduced by ~12-bit (64bits->52bits); max correction latency: 32768 cycles
• Security is reduced by ~8-bit (64bits->56bits); max correction latency: 4096 cycles
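Why the number of correction attempts costs security, as an added Python simulation that is not from the IVEC authors. It measures how often a block that cannot be repaired is still accepted after a single-bit search, and computes the tag strength left for a given attempt budget (4096 attempts against a 64-bit MAC leaves 52 bits, the figure in the callout above). Assumptions: HMAC-SHA256 truncated to a short tag stands in for GMAC, a 12-bit tag is used only so collisions show up in a short run, and the key, data and function names are constructed.

```python
import hashlib
import hmac
import math
import random

KEY = b"constructed-demo-key"   # constructed key, for illustration only

def mac(block: bytes, tag_bits: int) -> int:
    """Tag truncated to tag_bits; HMAC-SHA256 is an assumed stand-in for GMAC."""
    digest = hmac.new(KEY, block, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - tag_bits)

def miscorrections(trials: int, tag_bits: int, block_bits: int = 512, seed: int = 1) -> int:
    """Count uncorrectable blocks that the single-bit search still 'repairs'."""
    rng = random.Random(seed)
    nbytes = block_bits // 8
    accepted = 0
    for _ in range(trials):
        tag = mac(rng.getrandbits(block_bits).to_bytes(nbytes, "big"), tag_bits)
        # Constructed corruption: unrelated contents, so no single flip is the real fix.
        bad = bytearray(rng.getrandbits(block_bits).to_bytes(nbytes, "big"))
        for i in range(block_bits):           # one correction attempt per bit
            bad[i // 8] ^= 1 << (i % 8)
            hit = mac(bytes(bad), tag_bits) == tag
            bad[i // 8] ^= 1 << (i % 8)       # undo the flip
            if hit:
                accepted += 1                 # wrong data passes verification
                break
    return accepted

def expected_rate(tag_bits: int, attempts: int) -> float:
    """Chance that at least one of `attempts` independent tries collides."""
    return 1.0 - (1.0 - 2.0 ** -tag_bits) ** attempts

def effective_bits(tag_bits: int, attempts: int) -> float:
    """Tag strength left once `attempts` tries are allowed per verification."""
    return tag_bits - math.log2(attempts)

if __name__ == "__main__":
    print("observed:", miscorrections(200, 12) / 200, "expected:", expected_rate(12, 512))
    print("64-bit MAC, 4096 attempts:", effective_bits(64, 4096), "bits")
```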


Memory Space Overhead


ECC: 64 parity bits per cache block (512 bits)

IV: 64-bit MAC per cache block (512 bits) in a MAC tree structure plus meta-data


Performance Evaluation

Run-time overheads
• Error correction latency: negligible with a typical SER rate
• Performance overhead due to off-chip bandwidth usage from updating parity bits

Tools
• Pin instrumentation tool and TAXI performance simulator

Parameters
• Core2-like single processor: 4-issue OoO core

Baseline is chosen to have IV implemented
• 64-bit GMAC-tree with split counter mode (< 5% overhead)


Memory Bandwidth Overhead

Traditional ECC bandwidth overhead is 12.5%

IVEC Memory bandwidth overhead is <= 9% in the worst case

Performance overhead is negligible (0.5% in the worst case)

[Figure: memory bandwidth overhead chart; labelled values 9% and 3.2%.]


Related Work

Memory integrity verification

Off-chip DRAM ECC
• SEC-DED ECC
• Chip-kill Correct

Tiered ECC

Reliability and Security Engine (RSE)


Conclusion

IVEC enables efficient protection of off-chip memory from both security attacks and random errors

• Can handle both single-bit errors and multi-bit errors

• Minimal impact on security

IVEC is able to eliminate the use of traditional ECC for off-chip memory when a system requires IV for security
