URI | http://purl.tuc.gr/dl/dias/352FECFE-3312-4F00-A3B2-1D9FF96673D2 | - |
Αναγνωριστικό | http://users.isc.tuc.gr/~kpapadimitriou/publications/2014hpcc-SecEffHWfwMPSoC.pdf | - |
Γλώσσα | en | - |
Τίτλος | Security effectiveness and a hardware firewall for MPSoCs | en |
Δημιουργός | Grammatikakis Miltos D. | en |
Δημιουργός | Papadimitriou Kyprianos | en |
Δημιουργός | Παπαδημητριου Κυπριανος | el |
Δημιουργός | Petrakis Polydoros | en |
Δημιουργός | Papagrigoriou Antonis | en |
Δημιουργός | Kornaros Georgios | en |
Δημιουργός | Κορναρος Γεωργιος | el |
Δημιουργός | Christoforakis Ioannis | en |
Δημιουργός | Coppola Marcello | en |
Περίληψη | There is a constant increase in the interest shown
for trusted computing in the embedded domain. In an MPSoC
each processing element such as a CPU could request accessing
any physical resource of the device such as a memory or an I/O
component. Along with normal requests, malevolent ones could
occur produced by malware applications or processes running
in one or more CPUs. A protection mechanism is required to
prevent injection of malicious data across the device, e.g. unsafe
data written by a CPU into a memory address, which are read
later by another CPU. A considerable amount of research has
been devoted in security for MPSoCs, but limited work exists in
performing protection at the source instead of the target, thus
cutting-off malicious content at an early stage prior to entering
the on-chip network.
In the present work we focus on the side of the CPU connected
to the SoC network. We are envisioning a self-contained NoC
firewall, which by checking the physical address of a request
to a memory-mapped device against a set of rules, rejects
untrusted CPU requests to the on-chip memory, thus protecting
all legitimate applications running in a shared-memory SoC.
To sustain high-performance we implemented the firewall in
hardware, while rule-checking is performed at segment-level
based on deny rules. To evaluate the impact of security mechanisms
we developed a novel framework based on gem5, coupling
ARM technology and an instance of a commercial point-to-point
interconnect from STMicroelectronics called Spidergon STNoC.
Tests include several scenarios with legitimate and malicious
processes running in different CPUs requesting access to shared
memory. Preliminary results show that the incorporation of a
security mechanism in the network interface can have a positive
effect on network performance by reducing both the end-toend
delivery time of packets, and the power consumed from
unnecessary transmissions. From the network aspect, this effect
is independent of the performance of implementation itself,
e.g. either a hardware or a software solution equally relieves
the network from unnecessary loads. Finally, we compare the
performance of our hardware approach over a simple equivalent
software solution. Certainly, this comparison favours hardware
by considerable margins, however we use it only as reference to
illustrate the merit from implementing protection in hardware.
The purpose of the present study is three-fold. First, we present
the proposed hardware NoC firewall. Then we examine the
effect on network transmissions from incorporating a security
mechanism in the network interface; to do this we developed a
novel framework. Finally, we include preliminary performance
results of our NoC firewall and a simple yet indicative comparison
with a software solution. | en |
Τύπος | Πλήρης Δημοσίευση σε Συνέδριο | el |
Τύπος | Conference Full Paper | en |
Άδεια Χρήσης | http://creativecommons.org/licenses/by/4.0/ | en |
Ημερομηνία | 2015-11-12 | - |
Ημερομηνία Δημοσίευσης | 2014 | - |
Βιβλιογραφική Αναφορά | M.D. Grammatikakis, K. Papadimitriou, P. Petrakis, A. Papagrigoriou, G. Kornaros and I. Christoforakis, M. Coppola, "Security Effectiveness and a Hardware Firewall for MPSoCs", in 6th IEEE International Workshop on Multicore and Multithreaded Architectures and Algorithms (M2A2), in conjunction with the 16th IEEE International Conference on High Performance Computing and Communications (HPCC), August 2014. | en |