Bus-based MPSoC Security through Communication Protection: A Latency-efficient Alternative (original) (raw)
Related papers
Lightweight reconfiguration security services for AXI-based MPSoCs
22nd International Conference on Field Programmable Logic and Applications (FPL), 2012
Nowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a busbased MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one.
7th International Workshop on Reconfigurable and Communication-Centric Systems-on-Chip (ReCoSoC), 2012
Nowadays, embedded systems become more and more complex: the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link: attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and lowlatency security for runtime protection.
Secure channels in an integrated MPSoC architecture
IECON 2013 - 39th Annual Conference of the IEEE Industrial Electronics Society, 2013
Providing security in an embedded system often boils down to solving a trade-off problem between security and performance. Simultaneously, Multi-Processor System-on-a-Chip (MPSoC) devices are in the early stages to increase computational performance, energy and die area efficiency, and reduce the number of physical units in the embedded system design arena. Moreover, MPSoCs enable composing heterogeneous subsystems on a single silicon die which is particularly desirable for large volume embedded devices. However, these benefits come at a price: an increase in the system's complexity. Complexity does not only make the system design process more difficult, but also it renders certain vulnerabilities possible. A solution is to follow well-established architectural principles to reduce complexity and to provide the required level of security. In this paper we demonstrate how the basic architectural principles of the ACROSS MPSoC architecture can be combined with the requirements of standard security techniques (i.e., encryption, authentication) to produce an efficient security solution for MPSoC systems. We propose a security architecture which uses the principles of temporal and spatial partitioning, temporal determinism, and mixed-criticality integration to migrate resource expensive security functions form the application components to a dedicated security component within the MPSoC. This leaves application components with a thin security provider, without any loss of functionality and more local resources at their disposal. Thereby, we deliver a flexible, resource efficient security solution, which highlights the benefits of partitioning MPSoC architectures for security.
Lightweight reconfiguration services for AXI-based MPSoCs
Nowadays, security is a key constraint in MPSoC develop-ment as many critical and secret information can be stored and manipulated within these systems. Addressing the pro-tection issue in an efficient way is challenging as information can leak from many points. However one strategic compo-nent of a bus-based MPSoC is the communication architec-ture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protec-tion of the whole system. Attacks can be detected and dis-carded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware fire-wall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA imple-mentation demonstrates an area overhead of around 11% for the adaptive ve...
Security in MPSoCs: A NoC Firewall and an Evaluation Framework
—In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment , coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics (STNoC). Simulation tests include scenarios in which legitimate and malicious processes, running in different CPUs, request access to shared memory. Our results indicate that a firewall implementation at the NI can have a positive effect on network performance by reducing both end-to-end network delay and power consumption. We also show that our coarse-grain firewall can prevent saturation of the on-chip network and performs better than fine-grain alternatives that perform rule checking at page-level. Simulation results are accompanied with field measurements performed on a Zedboard platform running Linux, whereas the NoC Firewall is implemented as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric.
Architectural Frameworks for Security and Reliability of MPSoCs
IEEE Transactions on Very Large Scale Integration Systems, 2011
Multiprocessor System on Chip (MPSoC) architectures are increasingly used in modern embedded systems. MPSoCs are used for confidential and critical applications and hence need strong security and reliability features.
Distributed Security for Communications and Memories in a Multiprocessor Architecture
2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum, 2011
The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Thus it becomes mandatory to deal with security issues all along the design cycle of the MPSoC in order to guarantee a global protection. Among the critical points, the protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes a solution with distributed enhancements to secure data exchanges and to monitor communications within a MPSoC. In order to validate our contribution, a case study based on a generic multiprocessor architecture is considered.
A security aware routing approach for NoC-based MPSoCs
2016 29th Symposium on Integrated Circuits and Systems Design (SBCCI), 2016
Malicious applications target Multi-Processors System-on-Chip (MPSoCs) to capture sensitive information or disrupt normal operation; therefore, security is now a design requirement for MPSoC design. Network-on-Chip (NoC) is a key communication structure to aid in the overall MPSoC protection. Firewall-based NoC protection allows data exchange monitoring and controlling according to the MPSoC security policy. Secure NoCs enable to detect and prevent a broad range of softwarebased attacks. However, complex security policies may turn firewalls costly. This paper proposes a protection technique based on the NoC routing algorithm. By manipulating the routing of packets, security zones can be built. Our routing algorithm prioritizes communication among paths deemed secure while guaranteeing deadlock freedom. We evaluate the scalability of the proposed technique using synthetic and real application scenarios, as well as the security of the proposed technique.
TinyTPM: A lightweight module aimed to IP protection and trusted embedded platforms
2011 IEEE International Symposium on Hardware-Oriented Security and Trust, 2011
Currently, embedded system implementations are increasingly exploiting reconfigurable devices such as Field Programmable Gate Arrays (FPGAs). Due to the volatile nature of SRAM-based FPGAs it is necessary to secure such systems against intellectual property (IP) theft and overproduction. Additionally, the trustworthy operation of these systems has to be guarded in order to protect the processed data. We propose in this paper a novel cryptographic module called TinyTPM, which enforces trustworthy operation and IP protection for embedded systems. Our approach covers the following two key principles: (i) trustworthy attestation of the embedded system state, (ii) IP protection by providing authenticated and encrypted update procedures for FPGAs. The TinyTPM consumes only a few resources and is therefore well-suited to design secure, efficient, and low cost FPGA-based embedded systems. This architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform and demonstrates both, security and efficiency.