Compiler-Assisted Memory Encryption for Embedded Processors [chapter]

Vijay Nagarajan, Rajiv Gupta, Arvind Krishnaswamy
2009 Lecture Notes in Computer Science  
A critical component in the design of secure processors is memory encryption which provides protection for the privacy of code and data stored in off-chip memory. The overhead of the decryption operation that must precede a load requiring an off-chip memory access, decryption being on the critical path, can significantly degrade performance. Recently hardware counterbased one-time pad encryption techniques [13, 16, 11] have been proposed to reduce this overhead. For high-end processors the
more » ... rmance impact of decryption has been successfully limited due to: presence of fairly large on-chip L1 and L2 caches that reduce off-chip accesses; and additional hardware support proposed in [16, 11] to reduce decryption latency. However, for low-to medium-end embedded processors the performance degradation is high because first they only support small (if any) on-chip L1 caches thus leading to significant off-chip accesses and second the hardware cost of decryption latency reduction solutions in [16, 11] is too high making them unattractive for embedded processors. In this paper we present a compilerassisted strategy that uses minimal hardware support to reduce the overhead of memory encryption in low-to medium-end embedded processors. In addition to the global counter used in [13], our technique uses additional counters. These counters, which are compiler controlled, are maintained using a small number of dedicated on-chip registers. Our experiments show that the proposed technique reduces average execution time overhead of memory encryption for low-end (medium-end) embedded processor with 0 KB (32 KB) L1 cache from 60% (13.1%), with single counter, to 12.5% (2.1%) by additionally using only 8 hardware counter-registers.
doi:10.1007/978-3-642-00904-4_3 fatcat:zt7euil7jzeixbgete5zx3xpyu