Abstract
This UCF invention introduces IvLeague, a secure processor
architecture designed to prevent attackers from exploiting shared metadata
structures. It introduces TreeLings—independent integrity subtrees—to isolate
security domains and uses optimizations to maintain high performance. In an era
where data breaches exploit even the smallest architectural weaknesses,
securing metadata is paramount. IvLeague addresses this challenge with a
groundbreaking approach that scales to thousands of domains and integrates seamlessly
with trusted execution environments (TEEs).
Technical Details: IvLeague employs TreeLings - independent integrity subtrees
dynamically allocated to security domains. Each TreeLing root is stored
on-chip, preventing metadata leakage. Components include an Assignment Table
for TreeLing mapping, Node Free-list (NFL) for efficient node allocation, and
Leaf Mapping Metadata (LMM) embedded in page tables for direct mapping.
Optimizations include IvLeague-Invert for shorter verification paths and
IvLeague-Pro for hotpage migration. Hardware overhead is minimal and performance
impact is negligible compared to baseline secure architectures.
Benefit
Side-Channel Resistance: Eliminates timing leakage from shared metadata structures.Performance Efficiency: Up to 19% IPC improvement with IvLeague-Pro optimization.Scalable Design: Supports thousands of domains with dynamic TreeLing allocation.Low Hardware Overhead: Adds less than 0.4 mm² to processor area.Market Application
Cloud Computing: Secure multi-tenant environments with strong isolation.Defense Systems: Protect sensitive workloads from privileged attackers.Financial Services: Secure cryptographic operations against timing attacks.Healthcare: Safeguard patient data in trusted execution environments.
Brochure
