Industry is moving towards large-scale systems where processor cores, memories, accelerators, etc.\ are bundled via 2.5D integration. These various components are fabricated separately as chiplets and then integrated using an interconnect carrier, a so-called interposer. This new design style provides benefits in terms of yield as well as economies of scale, as chiplets may come from various third-party vendors, and be integrated into one sophisticated system. The benefits of this approach, however, come at the cost of new challenges for the system's security and integrity when many third-party component chiplets, some from not fully trusted vendors, are integrated. Here, we explore these challenges, but also promises, for modern interposer-based systems of cache-coherent, multi-core chiplets. First, we introduce a new, coherence-based attack, GETXspy, wherein a single compromised chiplet can expose a high-bandwidth side/covert-channel in an ostensibly secure system. We further show that prior art is insufficient to stop this new attack. Second, we propose using an active interposer as generic, secure-by-construction platform that forms a physical root of trust for modern 2.5D systems. Our scheme has limited overhead, restricted to the active interposer, allowing the chiplets and the coherence system to remain untouched. We show that our scheme prevents a wide range of attacks, including but not limited to our GETXspy attack, with little overhead on system performance, $\sim$4\%. This overhead reduces as workloads increase, ensuring scalability of the scheme.
翻译:工业正在走向大规模系统, 处理器核心、 记忆、 加速器等等通过 2.5D 集成捆绑起来。 这些不同的部件是作为芯片单独制造的, 然后使用一个互连的运货员, 即所谓的内插器。 这种新的设计风格在产量和规模经济方面都带来了好处, 因为芯片可能来自各种第三方供应商, 并被纳入一个复杂的系统。 然而, 这种方法的好处是, 以系统高层的难度和完整性为代价, 当许多第三方部件芯片, 有些来自不完全信任的供应商, 被整合在一起时, 。 在这里, 我们探索这些挑战, 但也承诺, 使用现代的内存器系统, 以缓存和多芯片为基础。 首先, 我们引入一种新的基于一致性的攻击, GETX, 将单一的芯片暴露出一个高带宽的侧/ 隐蔽管道, 在一个表面上安全的系统中。 我们进一步表明, 以前的艺术还不足以阻止这种新的攻击。 其次, 我们提议使用一个活跃的系统内部系统, 包括 固定的系统, 秘密的直路路路路平台 。