Computer users are becoming increasingly aware of and concerned for the security of their computer systems. While many security software packages are available, they are ineffective in protecting against an emerging class of security attacks that involve directly tampering with the physical operation of the system. Such hardware attacks have been demonstrated to be feasible and relatively easy to perform in breaking the Digital Rights Management features in game consoles, and in breaking the security features of a version of a secure processor DS5002FP. These hardware attacks may involve inserting a device on the communication path between the microprocessor and other chips to passively snoop their communication, or to actively modify data communication between the processor and other chips. Various schemes were proposed in prior work to provide architectural support for data security and to protect against such hardware attacks. However, such protection schemes usually come with high performance overhead and prohibit the wide adoption of the secure systems. In particular, cryptographic latency was added directly to the memory access latency and introduced significant degradation of the system performance for memory intensive applications.

In more recent work, schemes were proposed to reduce the performance overhead through parallelizing the cryptographic operations with memory accesses. However, such schemes usually require a significant on-chip storage area for storing additional security related data. Although these schemes realized performance improvement for secure architectural support, the additional cost of on-chip storage area still is a big obstacle to the wide adoption of the secure systems. We believe secure architectural support can be provided efficiently and effectively without either significant performance degradation or noticeable increase in on-chip area cost. This thesis explores architectural level optimizations to make secure systems more efficient, secure and affordable. It extends prior work for secure architecture in several areas.

It proposes a new combined memory encryption and authentication scheme which uses very small on-chip storage area and incurs much less performance overhead compared with prior work. In addition, the thesis studies the issues of applying architectural support for data security to distributed shared memory systems. It presents a scheme which is scalable with large-scale systems and only introduces negligible performance overhead for confidentiality and integrity protection. Furthermore, the thesis also investigates another source of reducing performance overhead in secure systems through optimizing on-chip caching schemes and minimizing off-chip communications.