Polydoros Petrakis - Academia.edu
Papers by Polydoros Petrakis
In the future almost every consumer electronics device will be connected to an ecosystem of third-party partners providing services such as payment, streaming content, and so on. Present work aims to expose the foundations of a secure environment by ensuring security on the edge devices. MPSoCs are widely used in edge devices due to their capability to execute multiple applications in single-chips. To achieve the targeted security level against physical adversaries, all communications between the MPSoC and its environment must be protected. In an MPSoC multiple processing elements such as CPUs send requests to different on-chip memories. Network-on-chip has been proposed for MPSoC design, aiming at increasing performance and reducing power compared to on-chip buses. Tailoring the NoC to application(s) takes place usually at design time. The selection of NoC parameter values affects both performance and power, while configuring them unwisely can result in unnecessary area overhead and chip cost. In the present work we concentrate on a commercial interconnect called STNoC from STMicroelectronics. We keep the NoC parameters fixed, and we explore the effects from the variation of other parameters, such as the injection rate of the packets transmitted by the CPUs, and the activation/deactivation of a security mechanism integrated in the network interface of the NoC, for multiple traffic scenarios with each one representing different amount of legal and malicious requests, for different mappings, and for different node setups. Experimental results reveal the conditions under which the NoC starts experiencing saturation phenomena.
2017 13th Workshop on Intelligent Solutions in Embedded Systems (WISES), 2017
Network firewall rules are usually written by administrators or automated intrusion detection systems and often contain inconsistencies. Therefore, it is fundamental to ensure that only an absolutely correct configuration is active. In this paper, we design an open source conflict resolution framework (C application and Linux firewall kernel module on top of netfilter) that can be used as a constant independent system auditor, automatically detecting and resolving conflicts in firewall rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.
Abstract—In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics ...
2021 International Workshop on Performance Modeling, Benchmarking and Simulation of High Performance Computer Systems (PMBS), 2021
2017 12th IEEE International Symposium on Industrial Embedded Systems (SIES), 2017
Mobile health monitoring technology has the potential to bring a doctor’s office to the patient’s smartphone. In this context, we consider an end-to-end soft real-time out-of-hospital use-case that concerns transmission of patient ECG data from ST BodyGateway pulse sensor via an Android device (Patient App) to a Cloud server for ECG analysis and annotation and then to another Android device (Doctor App) for visualization. Using a prototype featuring ARMv7 technology (two Odroid-XU4s for Patient and Doctor App and one Zedboard FPGA board for server), we evaluate real-time performance and security overheads for supporting confidentiality, integrity and patient anonymity.
2015 12th International Workshop on Intelligent Solutions in Embedded Systems (WISES), 2015
Efficient parallel execution of scientific and transaction-oriented applications requires reducing communication/synchronization overheads by improving locality using explicit methods that capture underlying access patterns. In this work, we propose low-cost hardware that supports load balancing and parallel broadcast/scatter macro-operations. We evaluate these primitives using a cycle-accurate SystemC virtual platform of a multicore System-on-Chip (SoC) that interconnects cycle-accurate processor models (Cortex-A9) and a memory hierarchy via a hypercube Network-on-Chip (NoC). Results from executing a typical parallel matrix multiplication benchmark on a small-range embedded multicore SoC indicate average execution time improvements of 25% for load balancing, 21% for broadcast/scatter primitives and 50% collectively, when utilizing both primitives. While load balancing relies only on remote shared-memory access principles, synthesis on Zedboard's Zynq 7020 FPGA indicates a ver...
New generations of NoC-based platforms incorporate address interleaving, which enables balancing transactions between the memory nodes. The memory space is distributed in different nodes of the NoC, and accessed alternately by each on-chip initiator. A memory node is accessed depending on the transaction request address through a memory map. Interleaving can allow for efficient use of NoC bandwidth and congestion reduction, and we study whether its gains scale over system size. In this work we concentrate on an instance of a customizable point-to-point interconnect from STMicroelectronics called STNoC. We first evaluate a setup with 4 CPU initiators and 4 memories, and show that interleaving relieves the NoC from congestion and permits higher packet injection rates. We also show that this depends on the number of packets sent per transaction by an initiator prior to changing destination memory node; this is called interleaving step. We then enriched the setup with several DMA engines...
2015 12th International Workshop on Intelligent Solutions in Embedded Systems (WISES), 2015
Security services are typically based on deploying different types of modules, e.g. firewall, intrusion detection or prevention systems, or cryptographic function accelerators. In this study, we focus on extending the functionality of a hardware Network-on-Chip (NoC) Firewall on the Zynq 7020 FPGA of a Zedboard. The NoC Firewall checks the physical address and rejects untrusted CPU requests to on-chip memory, thus protecting legitimate processes running in a multicore SoC from the injection of malicious instructions or data to shared memory. Based on a validated kernel-space Linux system driver of the NoC Firewall which is seen as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric, we develop higher-layer security services that focus on physical address protection based on a set of rules. While our primary scenario concentrates on monitors and actors related to protection from malicious (or corrupt) drivers, other interesting use cases related to healthca...
Distributed Real-Time Architecture for Mixed-Criticality Systems, 2018
Electronic Design Automation for IC System Design, Verification, and Testing, 2016
2016 IEEE 27th International Conference on Application-specific Systems, Architectures and Processors (ASAP), 2016
We propose the integration of a network-on-chip-based MPSoC in mixed-criticality systems, i.e. systems running applications with different criticality levels in terms of completing their execution within predefined time limits. An MPSoC contains tiles that can be either CPUs or memories, and we connect them with an instance of a customizable point-to-point interconnect from STMicroelectronics called STNoC. We explore whether the on-chip network capacity is sufficient for meeting the deadlines of external high critical workloads, and at the same time for serving less critical workloads that are generated internally. To evaluate the on-chip network we vary its configuration parameters, such as the link-width, and the Quality-of-Service (QoS), in specific the number (1 or 2) and type (high or low priority) of virtual channels (VCs), and the relative priority of packets from different flows sharing the same VC.
2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC), 2016
2015 IEEE Conference on Communications and Network Security (CNS), 2015
In the future almost every consumer electronics device will be connected to an ecosystem of third-party partners providing services such as payment, streaming content, and so on. Present work aims to expose the foundations of a secure environment by ensuring security on the edge devices. MPSoCs are widely used in edge devices due to their capability to execute multiple applications in single-chips. To achieve the targeted security level against physical adversaries, all communications between the MPSoC and its environment must be protected. In an MPSoC multiple processing elements such as CPUs send requests to different on-chip memories. Network-on-chip has been proposed for MPSoC design, aiming at increasing performance and reducing power compared to on-chip buses. Tailoring the NoC to application(s) takes place usually at design time. The selection of NoC parameter values affects both performance and power, while configuring them unwisely can result in unnecessary area overhead and chip cost. In the present work we concentrate on a commercial interconnect called STNoC from STMicroelectronics. We keep the NoC parameters fixed, and we explore the effects from the variation of other parameters, such as the injection rate of the packets transmitted by the CPUs, and the activation/deactivation of a security mechanism integrated in the network interface of the NoC, for multiple traffic scenarios with each one representing different amount of legal and malicious requests, for different mappings, and for different node setups. Experimental results reveal the conditions under which the NoC starts experiencing saturation phenomena.
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015
In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics (STNoC). Simulation tests include scenarios in which legitimate and malicious processes, running in different CPUs, request access to shared memory. Our results indicate that a firewall implementation at the NI can have a positive effect on network performance by reducing both end-to-end network delay and power consumption. We also show that our coarse-grain firewall can prevent saturation of the on-chip network and performs better than fine-grain alternatives that perform rule checking at page-level. Simulation results are accompanied with field measurements performed on a Zedboard platform running Linux, whereas the NoC Firewall is implemented as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric.
2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS), 2014
International Journal of Semantic Computing, 2014
The ramification problem in Artificial Intelligence is concerned with the indirect effects of an action. It has been shown in previous work that the ramification problem can be solved with the use of integrity constraints and actions representation. In this paper we begin with a quick review of the existing Description Logic Languages, and then we describe a Temporal Extension of Description Logics, able to represent integrity constraints, temporalized actions and non persistent effects. We describe a thorough solution to the ramification problem in Temporal Settings expressed in Temporal Description Logics. The solution also deals with the hard case, in which the effects of an action change the belief about the past.
2013 Euromicro Conference on Digital System Design, 2013
2013 Euromicro Conference on Digital System Design, 2013