DOI: 10.1145/2830772.2830819
research-article

Border control: sandboxing accelerators

Published: 05 December 2015

Abstract

As hardware accelerators proliferate, there is a desire to logically integrate them more tightly with CPUs through interfaces such as shared virtual memory. Although this integration has programmability and performance benefits, it may also have serious security and fault isolation implications, especially when accelerators are designed by third parties. Unchecked, accelerators could make incorrect memory accesses, causing information leaks, data corruption, or crashes not only for processes running on the accelerator, but for the rest of the system as well. Unfortunately, current security solutions are insufficient for providing memory protection from tightly integrated untrusted accelerators.
We propose Border Control, a sandboxing mechanism which guarantees that the memory access permissions in the page table are respected by accelerators, regardless of design errors or malicious intent. Our hardware implementation of Border Control provides safety against improper memory accesses with a space overhead of only 0.006% of system physical memory per accelerator. We show that when used with a current highly demanding accelerator, this initial Border Control implementation has on average a 0.15% runtime overhead relative to the unsafe baseline.



Published In

MICRO-48: Proceedings of the 48th International Symposium on Microarchitecture
December 2015
787 pages
ISBN: 9781450340342
DOI: 10.1145/2830772

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. accelerators
  2. hardware sandboxing
  3. memory protection

Qualifiers

  • Research-article

Conference

MICRO-48
Acceptance Rates

MICRO-48 Paper Acceptance Rate 61 of 283 submissions, 22%;
Overall Acceptance Rate 484 of 2,242 submissions, 22%


Cited By

  • (2023) CryptoMMU: Enabling Scalable and Secure Access Control of Third-Party Accelerators. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 32-48. DOI: 10.1145/3613424.3614311. Online publication date: 28-Oct-2023
  • (2022) Microarchitectural Attacks in Heterogeneous Systems: A Survey. ACM Computing Surveys 55:7, pp. 1-40. DOI: 10.1145/3544102. Online publication date: 15-Dec-2022
  • (2022) ShEF: shielded enclaves for cloud FPGAs. Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 1070-1085. DOI: 10.1145/3503222.3507733. Online publication date: 28-Feb-2022
  • (2022) On the Effectiveness of Using Graphics Interrupt as a Side Channel for User Behavior Snooping. IEEE Transactions on Dependable and Secure Computing 19:5, pp. 3257-3270. DOI: 10.1109/TDSC.2021.3091159. Online publication date: 1-Sep-2022
  • (2022) SoK: Limitations of Confidential Computing via TEEs for High-Performance Compute Systems. 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), pp. 121-132. DOI: 10.1109/SEED55351.2022.00018. Online publication date: Sep-2022
  • (2022) Accelerators & Security: The Socket Approach. IEEE Computer Architecture Letters 21:2, pp. 65-68. DOI: 10.1109/LCA.2022.3179947. Online publication date: 1-Jul-2022
  • (2021) HeteroFuzz: fuzz testing to detect platform dependent divergence for heterogeneous applications. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 242-254. DOI: 10.1145/3468264.3468610. Online publication date: 20-Aug-2021
  • (2021) Improving Address Translation in Multi-GPUs via Sharing and Spilling aware TLB Design. MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture, pp. 1154-1168. DOI: 10.1145/3466752.3480083. Online publication date: 18-Oct-2021
  • (2021) Securing an Accelerator-rich System from Flooding-based Denial-of-Service Attacks. IEEE Transactions on Emerging Topics in Computing, pp. 1-1. DOI: 10.1109/TETC.2021.3049826. Online publication date: 2021
  • (2021) Rebooting virtual memory with midgard. Proceedings of the 48th Annual International Symposium on Computer Architecture, pp. 512-525. DOI: 10.1109/ISCA52012.2021.00047. Online publication date: 14-Jun-2021
