While hardware resources for computation and data storage are now abundant, economic factors prevent specialized hardware security mechanisms from being integrated into commodity parts. System owners are caught between the need to exploit cheap, fast, commodity microprocessors and the need to ensure that critical security properties hold.
This research will explore a novel way to augment commodity hardware after fabrication to enhance secure operation. The basic approach is to add a separate silicon layer, housing select security features, onto an existing integrated circuit. This 3-D Integration decouples the function and economics of security policy enforcement from the underlying computing hardware. As a result, security enhancements are manufacturing options applicable only to those systems that require them, which resolves the economic quandary. We plan to identify a minimal and realizable set of circuit-level security capabilities enabled by this approach, which can be judiciously controlled by the software layers. This will significantly assist in reducing both the software complexity often associated with security mechanisms and system vulnerabilities. This research introduces a fundamentally new method to incorporate security mechanisms into hardware and has the potential to significantly shift the economics of trustworthy systems. A broader impact will result through collaborative and educational activities. Graduate and undergraduate student research associates will transfer knowledge to future teachers, researchers and Information Assurance professionals; and project publications will provide direct technical transfer to the embedded-systems and hardware-design communities.
3-D circuit-level integration is a chip fabrication technique in which two or more dies are stacked and combined into a single circuit through the use of vertical electro-conductive posts. Since the dies may be manufactured separately, 3-D circuit integration offers the option of enhancing a commodity processor with a variety of security and reliability functions. A wide range of enhancements is possible, including a secure alternate service, and isolation and protection. The PIs made significant progress in achieving their research objectives. Specifically, they were able to develop a framework with which the function, economics, and complexity of security features can be isolated from the underlying computing hardware and managed as customer-selectable fabrication options. As with co-processors, the lineage (e.g., venue of manufacture) of the additional layers is also separated from that of the commodity layer, enabling customized enhancement of the developmental assurance and reliability of add-on features. Towards this goal, the PIs developed a set of circuit-level primitives that allow one layer to disable, tap, reroute, and override another layer (assuming that both layers have been designed to accept such modification). In summary, the key advantages of 3-D integration are (1) high bandwidth and low latency; (2) direct, granular access to chip features; and (3) controlled lineage (e.g., use of a trusted foundry).
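The four primitives named above (disable, tap, reroute, override) can be made concrete with a small behavioural model. The following Python is an added illustration, not the PIs' circuits or any project artifact: it assumes a commodity "computation plane" that exposes a handful of named signals through posts, and a "control plane" that attaches to those posts. The signal names (addr, data, we, dbg, irq_in, irq_alt), the write-protect window, and the simplified bus cycle are all constructed for the example.

```python
"""Behavioural model of 3-D control-plane primitives: disable, tap, reroute, override.

Constructed illustration only (not the project's own design). A computation plane
exposes named signals through vertical posts; a control plane attaches policy to
those posts without the commodity layer knowing what policy is applied.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Tap = Callable[[str, int], None]


@dataclass
class Post:
    """One vertical post: a signal the computation plane exposes to the control layer."""
    name: str
    disabled: bool = False            # disable: the signal is swallowed entirely
    override: Optional[int] = None    # override: the control plane forces a value
    reroute: Optional[str] = None     # reroute: deliver the signal to another post
    taps: List[Tap] = field(default_factory=list)  # tap: passive observers


class ComputationPlane:
    """Commodity layer. It only knows that its signals pass through posts."""

    def __init__(self, signals: List[str]):
        self.posts: Dict[str, Post] = {s: Post(s) for s in signals}
        self.values: Dict[str, int] = {s: 0 for s in signals}

    def drive(self, name: str, value: int) -> Optional[Tuple[str, int]]:
        """Drive a signal; returns (post_reached, value_delivered) or None if swallowed."""
        post = self.posts[name]
        for tap in post.taps:           # taps observe the raw value before any change
            tap(name, value)
        if post.disabled:
            return None
        if post.override is not None:
            value = post.override
        target = post.reroute or name
        self.values[target] = value
        return (target, value)


class ControlPlane:
    """Security layer: enforces a write-protect window over the memory bus (assumed policy)."""

    def __init__(self, plane: ComputationPlane, protected: Tuple[int, int]):
        self.plane = plane
        self.protected = protected        # inclusive (low, high) address range
        self.log: List[int] = []          # tapped addresses, e.g. for audit
        plane.posts["addr"].taps.append(self._on_addr)

    def _on_addr(self, _name: str, addr: int) -> None:
        # Tap the address bus; arm an override on write-enable for protected addresses.
        self.log.append(addr)
        lo, hi = self.protected
        self.plane.posts["we"].override = 0 if lo <= addr <= hi else None

    def disable(self, name: str) -> None:
        self.plane.posts[name].disabled = True

    def reroute(self, src: str, dst: str) -> None:
        self.plane.posts[src].reroute = dst


def memory_write(plane: ComputationPlane, addr: int, data: int) -> bool:
    """Simplified bus cycle: address, data, then write-enable. True if the write lands."""
    plane.drive("addr", addr)
    plane.drive("data", data)
    result = plane.drive("we", 1)
    return result is not None and result[1] == 1


def demo() -> dict:
    plane = ComputationPlane(["addr", "data", "we", "dbg", "irq_in", "irq_alt"])
    ctrl = ControlPlane(plane, protected=(0x1000, 0x1FFF))
    ctrl.disable("dbg")                 # disable: debug port can no longer be driven
    ctrl.reroute("irq_in", "irq_alt")   # reroute: interrupts go to the control plane's handler
    return {
        "normal_write": memory_write(plane, 0x0200, 0xAB),     # outside window: allowed
        "protected_write": memory_write(plane, 0x1234, 0xCD),  # inside window: forced we=0
        "dbg": plane.drive("dbg", 1),                          # swallowed
        "irq": plane.drive("irq_in", 1),                       # lands on irq_alt
        "irq_in_value": plane.values["irq_in"],
        "tap_log": list(ctrl.log),
    }


if __name__ == "__main__":
    print(demo())
```

The commodity layer's `drive` never inspects policy; it only honours whatever the posts carry. That is the decoupling the text describes: the same computation die works with no control plane attached (every post stays in its default state), and a control die with different policy changes behaviour without any change to the commodity layer.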
Additionally, the PIs find the following general advantages: (4) the ability to change the economics of developing critical systems; (5) application-specific security enhancements to commodity hardware; (6) the ability to decouple security and non-security functionality, thus simplifying the design; (7) the ability to create "interfaces" to the commodity processor at chosen locations; (8) the ability to combine independently optimized dies into a single stack; and (9) the ability to reduce delay by locating electrical functions on the control plane close to their counterparts on the computation plane. In addition, all hardware security approaches share the advantages that, when they are designed to do so, they have the ability to operate below the lowest level of the software stack in terms of privilege and dependency; and they can impose strong spatial separation on the software components. Challenges specific to 3-D integration include (1) thermal cost, (2) design expense, (3) yield loss, (4) testing, and (5) the delivery of power and I/O.