Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC's fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processingin-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.
Bolat, A., Tugrul, Y.c., Celik, S.h., Sezer, S., Ottavi, M., Ergin, O. (2023). DEV-PIM: dynamic execution validation with processing-in-memory. In 2023 IEEE European Test Symposium (ETS) (pp.1-6). New York : IEEE [10.1109/ETS56758.2023.10174063].
DEV-PIM: dynamic execution validation with processing-in-memory
Ottavi, M.;
2023-01-01
Abstract
Instruction injections or soft errors during execution on the CPU can cause serious system vulnerabilities. During the standard program flow of the processor, the injection of unauthorized instruction or the occurrence of an error in the expected instruction are the main conditions for potentially serious such vulnerabilities. With the execution of these unauthorized instructions, adversaries could exploit SoC and execute their own malicious program or get higher-level privileges on the system. On the other hand, non-intentional errors can potentially corrupt programs causing unintended executions or the cause of program crashes. Modern trusted architectures propose solutions for unauthorized execution on SoC with additional software mechanisms or extra hardware logic on the same untrusted SoC. Nevertheless, these SoCs can still be vulnerable, as long as deployed security detection mechanisms are embedded within the same SoC's fabric. Furthermore, validation mechanisms on the SoC increase the complexity and power consumption of the SoC. This paper presents DEV-PIM, a new, high-performance, and low-cost execution validation mechanism in SoCs with external DRAM memory. The proposed approach uses processingin-memory (PIM) method to detect instruction injections or corrupted instructions by utilising basic computing resources on a standard DRAM device. DEV-PIM transfers instructions scheduled for execution on the CPU to the DRAM and validates them by comparing content with the trusted program record on the DRAM using PIM operations. By optimising the DRAM scheduling process validation tasks are only executed when memory access is idle. The CPU retains uninterrupted memory access and can continue its normal program flow without penalty. We evaluate DEV-PIM in an end-to-end DRAM-compatible environment and run a set of software benchmarks. On average, the proposed architecture is able to detect 98.46% of instruction injections for different validation. We also measured on average only 0.346% CPU execution overhead with DEV-PIM enabled.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
