Abstract
Ensuring the correct execution of a program running on untrusted computing platforms, wherein the OS, hypervisor, and all off-CPU-chip hardware, including memory, are untrusted, also requires protecting the integrity of the memory content against replay attacks. This requires dedicated tracking structures and in-chip state storage. For this purpose, integrity trees are used in various forms, varying in complexity, size, and performance; yet, existing integrity trees do not address distributed, shared-memory computations, for which one must also ensure the integrity of the coherence state of the memory. Observing that a block not residing at a given node merely needs to be known by that node as such, we present the novel Distributed Integrity Tree (DIT) method, and show that it can be used effectively to extend existing integrity trees to parallel and distributed environments. Using DIT, we constructed a Distributed Merkle Tree, a Distributed Bonsai Merkle Tree, and a distributed version of Intel SGX's Memory Encryption Engine integrity mechanism. All these extensions entail negligible overhead.
Original language | English |
---|---|
Pages (from-to) | 159-162 |
Number of pages | 4 |
Journal | IEEE Computer Architecture Letters |
Volume | 17 |
Issue number | 2 |
State | Published - 1 Jul 2018 |
Keywords
- Distributed computing
- computer security
- integrity tree
- shared memory
ASJC Scopus subject areas
- Hardware and Architecture