URI | http://purl.tuc.gr/dl/dias/352FECFE-3312-4F00-A3B2-1D9FF96673D2 | - |
Identifier | http://users.isc.tuc.gr/~kpapadimitriou/publications/2014hpcc-SecEffHWfwMPSoC.pdf | - |
Language | en | - |
Title | Security effectiveness and a hardware firewall for MPSoCs | en |
Creator | Grammatikakis Miltos D. | en |
Creator | Papadimitriou Kyprianos | en |
Creator | Παπαδημητριου Κυπριανος | el |
Creator | Petrakis Polydoros | en |
Creator | Papagrigoriou Antonis | en |
Creator | Kornaros Georgios | en |
Creator | Κορναρος Γεωργιος | el |
Creator | Christoforakis Ioannis | en |
Creator | Coppola Marcello | en |
Content Summary | There is a constant increase in the interest shown
for trusted computing in the embedded domain. In an MPSoC
each processing element such as a CPU could request accessing
any physical resource of the device such as a memory or an I/O
component. Along with normal requests, malevolent ones could
occur, produced by malware applications or processes running
in one or more CPUs. A protection mechanism is required to
prevent injection of malicious data across the device, e.g. unsafe
data written by a CPU into a memory address, which are read
later by another CPU. A considerable amount of research has
been devoted to security for MPSoCs, but limited work exists in
performing protection at the source instead of the target, thus
cutting off malicious content at an early stage prior to entering
the on-chip network.
In the present work we focus on the side of the CPU connected
to the SoC network. We are envisioning a self-contained NoC
firewall, which by checking the physical address of a request
to a memory-mapped device against a set of rules, rejects
untrusted CPU requests to the on-chip memory, thus protecting
all legitimate applications running in a shared-memory SoC.
To sustain high performance, we implemented the firewall in
hardware, while rule-checking is performed at segment-level
based on deny rules. To evaluate the impact of security mechanisms
we developed a novel framework based on gem5, coupling
ARM technology and an instance of a commercial point-to-point
interconnect from STMicroelectronics called Spidergon STNoC.
Tests include several scenarios with legitimate and malicious
processes running in different CPUs requesting access to shared
memory. Preliminary results show that the incorporation of a
security mechanism in the network interface can have a positive
effect on network performance by reducing both the end-to-end
delivery time of packets, and the power consumed from
unnecessary transmissions. From the network aspect, this effect
is independent of the performance of the implementation itself,
e.g. either a hardware or a software solution equally relieves
the network from unnecessary loads. Finally, we compare the
performance of our hardware approach over a simple equivalent
software solution. Certainly, this comparison favours hardware
by considerable margins; however, we use it only as a reference to
illustrate the merit from implementing protection in hardware.
The purpose of the present study is three-fold. First, we present
the proposed hardware NoC firewall. Then we examine the
effect on network transmissions from incorporating a security
mechanism in the network interface; to do this we developed a
novel framework. Finally, we include preliminary performance
results of our NoC firewall and a simple yet indicative comparison
with a software solution. | en |
Type of Item | Πλήρης Δημοσίευση σε Συνέδριο | el |
Type of Item | Conference Full Paper | en |
License | http://creativecommons.org/licenses/by/4.0/ | en |
Date of Item | 2015-11-12 | - |
Date of Publication | 2014 | - |
Bibliographic Citation | M.D. Grammatikakis, K. Papadimitriou, P. Petrakis, A. Papagrigoriou, G. Kornaros, I. Christoforakis and M. Coppola, "Security Effectiveness and a Hardware Firewall for MPSoCs", in 6th IEEE International Workshop on Multicore and Multithreaded Architectures and Algorithms (M2A2), in conjunction with the 16th IEEE International Conference on High Performance Computing and Communications (HPCC), August 2014. | en |