This technical report addresses how to hide secrets from an operating system. The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. They also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.
The UNT College of Engineering strives to educate and train engineers and technologists who have the vision to recognize and solve the problems of society. The college comprises six degree-granting departments of instruction and research.
This technical report addresses how to hide secrets from an operating system. The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. They also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.
Physical Description
10 p.
Notes
Abstract: The adversary model for digital rights management is much more powerful than for the traditional security scenarios. The adversary has complete control of the computing node - supervisory privileges, physical as well as architectural object observational capabilities. In essence, this makes the operating system (or any other layer around the architecture) itself the adversary. The repercussions of this observation are severe. It creates a need to "keep secrets" from the operating system. We argue for the need to keep secrets from the OS in hardware. This concept is demonstrated through architectural support for the obfuscation of dynamic address traces on the memory bus. The objective is to leak as little information about the executed program sequence as possible. This is done by handing over many of the virtual memory management responsibilities from the operating system to an architecturally isolated hardware black-box (VM black-box). The authors provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. We also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.
This report is part of the following collection of related materials.
UNT Scholarly Works
Materials from the UNT community's research, creative, and scholarly activities and UNT's Open Access Repository. Access to some items in this collection may be restricted.
Gomathisankaran, Mahadevan & Tyagi, Akhilesh.How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation,
report,
2004;
(https://digital.library.unt.edu/ark:/67531/metadc94282/:
accessed February 13, 2025),
University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu;
crediting UNT College of Engineering.