Memory-centric security architecture

This article presents a new security model called MESA for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for the same purpose, MESA ties cryptographic properties and security attributes to memory instead of each individual user process. The advantages of such a memory-centric design over the process-centric designs are many folds. First, it allows better access control on software privacy, which supports both selective and mixed tamper resistant protection on software components coming from heterogenous sources. Second, the new model supports and facilities tamper resistant secure information sharing in an open software system where both data and code components could be shared by different user processes. Third, the proposed security model and secure processor design allow software components protected with different security policies to inter-operate within the same memory space efficiently. The architectural support for MESA requires small silicon resources and its performance impact is minimal based on our experimental results using commercial MS Windows workloads and cycle based out-of-order processor simulator.