How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation

Description:

This technical report addresses how to hide secrets from an operating system. The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. They also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.

Creator(s):
Creation Date: 2004  
Partner(s):
UNT College of Engineering
Collection(s):
UNT Scholarly Works
Usage:
Total Uses: 61
Past 30 days: 10
Yesterday: 0
Creator (Author):
Gomathisankaran, Mahadevan

University of North Texas

Creator (Author):
Tyagi, Akhilesh

Iowa State University

Date(s):
  • Creation: 2004
Description:

This technical report addresses how to hide secrets from an operating system. The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. They also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.

Degree:
Note:

Abstract: The adversary model for digital rights management is much more powerful than for the traditional security scenarios. The adversary has complete control of the computing node - supervisory privileges, physical as well as architectural object observational capabilities. In essence, this makes the operating system (or any other layer around the architecture) itself the adversary. The repercussions of this observation are severe. It creates a need to "keep secrets" from the operating system. We argue for the need to keep secrets from the OS in hardware. This concept is demonstrated through architectural support for the obfuscation of dynamic address traces on the memory bus. The objective is to leak as little information about the executed program sequence as possible. This is done by handing over many of the virtual memory management responsibilities from the operating system to an architecturally isolated hardware black-box (VM black-box). The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. We also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.

Physical Description:

10 p.

Language(s):
Subject(s):
Keyword(s): operating systems | dynamic addresses | digital rights management | software
Partner:
UNT College of Engineering
Collection:
UNT Scholarly Works
Identifier:
  • REP-NO: 00000101
  • ARK: ark:/67531/metadc94282
Resource Type: Report
Format: Text
Rights:
Access: Public