Border Control: Sandboxing Accelerators

Paper on IEEE Xplore | Local Download

Abstract

As hardware accelerators proliferate, there is a desire to logically integrate them more tightly with CPUs through interfaces such as shared virtual memory. Although this integration has programmability and performance benefits, it may also have serious security and fault isolation implications, especially when accelerators are designed by third parties. Unchecked, accelerators could make incorrect memory accesses, causing information leaks, data corruption, or crashes not only for processes running on the accelerator, but for the rest of the system as well. Unfortunately, current security solutions are insufficient for providing memory protection from tightly integrated untrusted accelerators. We propose Border Control, a sandboxing mechanism which guarantees that the memory access permissions in the page table are respected by accelerators, regardless of design errors or malicious intent. Our hardware implementation of Border Control provides safety against improper memory accesses with a space overhead of only 0.006% of system physical memory per accelerator. We show that when used with a current highly demanding accelerator, this initial Border Control implementation has on average a 0.15% runtime overhead relative to the unsafe baseline.

Lena E. Olson, Jason Power, Mark D. Hill and David A. Wood, “Border control: Sandboxing accelerators,” 2015 48th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Waikiki, HI, 2015, pp. 470-481. doi: 10.1145/2830772.2830819
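The abstract describes the guarantee without the mechanism. As an added illustration (not code from the paper or its authors), the model below shows the shape of such a check: a permission table indexed by physical page, maintained by the trusted side and consulted on every accelerator access, with denied accesses reported instead of reaching memory. The table format is an assumption chosen so the size accounting matches the abstract's figure: 4 KiB pages and two bits (read, write) per page give 2 / 32768 of physical memory, i.e. about 0.006%.

```python
# Added example, not from the paper: a software model of a per-physical-page
# permission check at the accelerator boundary. Assumptions: 4 KiB pages and
# two permission bits per page (hypothetical encoding, chosen for illustration).
PAGE_SIZE = 4096
READ = 0b01
WRITE = 0b10


class PagePermissionTable:
    """Permissions indexed by physical page number. In the model, the table is
    owned by the trusted side (CPU/OS); the accelerator can only be checked
    against it, never update it."""

    def __init__(self, phys_mem_bytes):
        self.phys_mem_bytes = phys_mem_bytes
        self.num_pages = phys_mem_bytes // PAGE_SIZE
        # One byte per page for simplicity; only the low two bits are used.
        # overhead_percent() counts the two bits hardware would actually store.
        self.bits = bytearray(self.num_pages)

    def grant(self, ppn, perm):
        self.bits[ppn] |= perm

    def revoke(self, ppn):
        self.bits[ppn] = 0

    def allowed(self, paddr, is_write):
        """True iff the recorded page permissions permit this access."""
        ppn = paddr // PAGE_SIZE
        if ppn >= self.num_pages:
            return False  # outside physical memory: always denied
        needed = WRITE if is_write else READ
        return bool(self.bits[ppn] & needed)

    def overhead_percent(self):
        """Table size as a percentage of physical memory at 2 bits per page."""
        return (self.num_pages * 2) / (self.phys_mem_bytes * 8) * 100


def filter_accesses(table, trace):
    """Run an accelerator access trace [(paddr, is_write), ...] through the
    check. Permitted accesses proceed; denied ones are collected as faults
    for the trusted side to handle, so a bad accelerator cannot corrupt
    memory it was never granted."""
    performed, faulted = [], []
    for paddr, is_write in trace:
        (performed if table.allowed(paddr, is_write) else faulted).append((paddr, is_write))
    return performed, faulted


if __name__ == "__main__":
    table = PagePermissionTable(1 << 30)  # constructed: 1 GiB of physical memory
    table.grant(1, READ)
    table.grant(2, READ | WRITE)
    # Constructed trace: a permitted read, a write to a read-only page, an ungranted page.
    print(filter_accesses(table, [(4096, False), (4096 + 8, True), (3 * 4096, False)]))
    print(f"table overhead: {table.overhead_percent():.3f}% of physical memory")
```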

@inproceedings{border-control:Olson:2015,
    author = {Lena E. Olson and Jason Power and Mark D. Hill and David A. Wood},
    title = {Border Control: Sandboxing Accelerators},
    booktitle = {Proceedings of the 48th International Symposium on Microarchitecture},
    series = {MICRO-48},
    year = {2015},
    isbn = {978-1-4503-4034-2},
    location = {Waikiki, Hawaii},
    pages = {470--481},
    numpages = {12},
    url = {http://doi.acm.org/10.1145/2830772.2830819},
    doi = {10.1145/2830772.2830819},
    acmid = {2830819},
    publisher = {ACM},
    address = {New York, NY, USA},
}
