HashTag: Hash-based Integrity Protection for Tagged Architectures

Lukas Lamster*, Martin Unterguggenberger, David Schrammel, Stefan Mangard

*Corresponding author for this work

Publication: Contribution to book/report/conference proceedings; Conference paper; Peer-reviewed

Abstract

Modern computing systems rely on error-correcting codes to ensure the integrity of DRAM data. Linear checksums allow for fast detection and correction of specific error patterns. However, they do not offer sufficient protection against complex errors distributed over multiple data words and chips. Depending on the code and the error pattern, linear codes may fail to detect or even miscorrect errors, thus leading to silent data corruption. In this work, we show how compact error-correcting codes based on low-latency hashing functions allow for strong probabilistic error detection and correction while facilitating ECC bit repurposing. Our proposed design drastically lowers the expected rate of undetected errors, regardless of the underlying error patterns. By tailoring the size of our codes to the required level of integrity protection, we are able to free bits that would otherwise be required to store ECC data. We showcase how our design facilitates the efficient implementation of tagged memory architectures such as CHERI, ARM MTE, and SPARC ADI by repurposing the freed bits in commodity ECC DRAM. Thus, we harden systems against data corruption due to DRAM faults while simultaneously allowing for memory tagging without introducing additional memory accesses. We present a systematic analysis of schemes that allow memory tagging on a cache line granularity while maintaining error detection and correction capabilities, even in multi-bit fault scenarios. We evaluate our integrity protection with tagging for different use cases and show that we can store 32 bits of additional tags per cache line, twice the amount needed to implement ARM's MTE, without significantly affecting error correction capabilities. We also show how up to 51 bits can be made available while maintaining single-bit error correction.
Original language: English
Title: Proceedings of the 32nd USENIX Security Symposium
Publisher: USENIX Association
Pages: 2797-2814
ISBN (electronic): 978-1-939133-37-3
Publication status: Published - 15 May 2023
Event: 32nd USENIX Security Symposium: USENIX Security 2023 - Anaheim, United States
Duration: 9 Aug 2023 to 11 Aug 2023

Conference

Conference: 32nd USENIX Security Symposium
Short title: USENIX Security '23
Country/Territory: United States
City: Anaheim
Period: 9/08/23 to 11/08/23
