Abstract

Nowadays, hardware security has become a serious concern for modern CPUs. State-of-the-art detection approaches rely heavily on trustworthy and intimate internal states, incurring significant design/operation overheads and additional risks to security and intellectual property. This article proposes an architecture called Jintide, which utilizes trusted external monitors to validate an untrusted CPU chip at runtime. This architecture records, replays, and analyzes the CPU’s IO and memory behavior with the architectural states. The Jintide simultaneously verifies whether the records are correctly replayed with the instruction set architecture and whether the records involve malicious behavior. Consequently, not only architectural but also micro-architectural threats can be detected. The Jintide adopts the states from the untrusted source because it has a built-in function to detect spurious states. The monitors comprise three types of chips (with 28-/40-nm TSMC technology): a tracer chip to record the behavior of IO ports, multiple tracer chips to record the behavior of DDR4 DIMMs, and a reconfigurable chip to verify these records with software states. As runtime external monitors, the Jintide would be especially suitable to constitute distributed large-scale clusters, which can amortize operation overheads. This scheme is effective in detecting pervasive hardware security issues, including vulnerabilities, backdoors, and hardware Trojans. The measured results show that a system composed of 300 000 Jintide CPUs containing Intel Xeon Skylake processors can detect over 99.8% of recognizable attacks at the cost of 0.98% performance loss. Hence, the Jintide is an extensible, low-cost, and effective solution to improve the hardware security of large-scale CPU clusters.
