The work with title Security effectiveness and a hardware firewall for MPSoCs by Grammatikakis Miltos D., Papadimitriou Kyprianos, Petrakis Polydoros, Papagrigoriou Antonis, Kornaros Georgios, Christoforakis Ioannis, Coppola Marcello is licensed under Creative Commons Attribution 4.0 International
Bibliographic Citation
M.D. Grammatikakis, K. Papadimitriou, P. Petrakis, A. Papagrigoriou, G. Kornaros and I. Christoforakis, M. Coppola, "Security Effectiveness and a Hardware Firewall for MPSoCs", in 6th IEEE International Workshop on Multicore and Multithreaded Architectures and Algorithms (M2A2), in conjunction with the 16th IEEE International Conference on High Performance Computing and Communications (HPCC), August 2014.
There is a constant increase in the interest shown for trusted computing in the embedded domain. In an MPSoC each processing element such as a CPU could request accessing any physical resource of the device such as a memory or an I/O component. Along with normal requests, malevolent ones could occur produced by malware applications or processes running in one or more CPUs. A protection mechanism is required to prevent injection of malicious data across the device, e.g. unsafe data written by a CPU into a memory address, which are read later by another CPU. A considerable amount of research has been devoted in security for MPSoCs, but limited work exists in performing protection at the source instead of the target, thus cutting-off malicious content at an early stage prior to entering the on-chip network.
In the present work we focus on the side of the CPU connected to the SoC network. We are envisioning a self-contained NoC firewall, which by checking the physical address of a request to a memory-mapped device against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate applications running in a shared-memory SoC. To sustain high-performance we implemented the firewall in hardware, while rule-checking is performed at segment-level based on deny rules. To evaluate the impact of security mechanisms we developed a novel framework based on gem5, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics called Spidergon STNoC. Tests include several scenarios with legitimate and malicious processes running in different CPUs requesting access to shared memory. Preliminary results show that the incorporation of a security mechanism in the network interface can have a positive effect on network performance by reducing both the end-to-end delivery time of packets, and the power consumed from unnecessary transmissions. From the network aspect, this effect is independent of the performance of implementation itself, e.g. either a hardware or a software solution equally relieves the network from unnecessary loads. Finally, we compare the performance of our hardware approach over a simple equivalent software solution. Certainly, this comparison favours hardware by considerable margins, however we use it only as reference to illustrate the merit from implementing protection in hardware.
The purpose of the present study is three-fold. First, we present the proposed hardware NoC firewall. Then we examine the effect on network transmissions from incorporating a security mechanism in the network interface; to do this we developed a novel framework. Finally, we include preliminary performance results of our NoC firewall and a simple yet indicative comparison with a software solution.