How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation
Gomathisankaran, Mahadevan and Tyagi, Akhilesh (2004) How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation. Publisher UNSPECIFIED.
Full text available as:
The adversary model for digital rights management is much more powerful than for the traditional security scenarios. The adversary has complete control of the computing node -- supervisory privileges, physical as well as architectural object observational capabilities. In essence, this makes the operating system (or any other layer around the architecture) itself the adversary. The repercussions of this observation are severe. It creates a need to ``keep secrets'' from the operating system (OS). It isolates the architecture from the operating system. We argue for the need to keep secrets from the OS in hardware. This concept is demonstrated through architectural support for the obfuscation of dynamic address traces on the memory bus. The objective is to leak as little information about the executed program sequence as possible. This is done by handing over many of the virtual memory management responsibilities from the operating system to an architecturally isolated hardware black-box (VM black-box). We provide a detailed design for the VM blackbox and some microarchitecture level simulation derived performance data. We also describe a compiler directed prefetch scheme that uses both instruction and data prefetches to obfuscate the address traces on the address bus between on-chip L2 cache and memory.
Archive Staff Only: edit this record