
Cryptoarchi 2012 SEPULVEDA

Date post: 05-Apr-2018
Upload: martha-sepulveda
  • 7/31/2019 Cryptoarchi 2012 SEPULVEDA

    1/41

    NoC-BASED DYNAMIC SECURITY IMPLEMENTATION FOR MULTI-APPLICATION SoC

    Johanna Sepúlveda Flórez

    Guy Gogniat

    Ricardo Pires

    Marius Strum

    Lab-STICC, UNIVERSITÉ DE BRETAGNE SUD

    UNIVERSITY OF SÃO PAULO

    2012

    Summary

    1. INTRODUCTION.
       Problem.
       MPSoCs (Multiprocessor System-on-Chip).
       NoC (Network-on-chip).
    2. RELATED WORK.
    3. OUR APPROACH.
       1. Architecture.
       2. Functionality.
    4. EXPERIMENTAL WORK.
    5. RESULTS.
    6. CONCLUSIONS AND FUTURE WORKS.


    Introduction

    Media players

    Game console

    Electronic banking

    Automotive electronics

    Electronic money

    Cellphones

    Aviation

    SECURITY: Critical requirement in electronic systems design.


    Introduction

    Digital rights management

    SoC

    Secure personal data

    Secure execution of downloaded SW

    Fraudulent transactions avoidance

    Content security

    Non-repudiation

    Intellectual property protection

    System-on-Chip (SoC) : Integrated Computing System.

    SoCs can be attacked!!

    Introduction

    MULTI-APPLICATION SYSTEM

    Cost effective:
    * General purpose SoC.
    * Integrate different applications on the same chip.

    Applications: Communication requirements, security policy and design constraints (Dynamic security policy).

    Problem

    Software attacks!

    Security incidents: 80% via software.

    [Figure: MPSoC with four uP cores attached to a Communication Structure]

    Problem

    Explore the SoC vulnerabilities.

    [Figure: MPSoC with four uP cores attached to a Communication Structure]

    Problem

    Infection: Takes advantage of the trusted components' rights!!

    [Figure: MPSoC with four uP cores attached to a Communication Structure]


    All software attacks begin with an abnormal communication.

    Communication structure

    [Figure: M1, M2, M3 and S1, S2, S3 connected to the COMMUNICATION STRUCTURE]

    Monitor information exchange.

    Detect attacks.

    Diagnosis Trigger recovery mechanisms.

    NoC (Network-on-Chip)

    [Figure: grid of M and S nodes (rows: M S M / S M M / S M S) with Router and Links labelled]

    Topology: Simple or hierarchical

    NoC (Network-on-Chip)

    Network protocol

    [Figure: Router between two M/S nodes; labels: Transmission, Packets building, Reception, Synchronization, Separation of routing information]

    Communication

    Security (S) + Quality (QoS): QoSS

    NoC security: Basic concepts

    [Figure: Application, Rights, Resources]

    Security policy: Rules the relationship between the application and the resources (static/dynamic).

    Safe system: Behaves as expected and the vulnerabilities are minimized.

    Vulnerability: Weakness that may be exploited in order to attack a system.

    Attack: Any unauthorized attempt to access or use the resources.

    NoC security: Basic concepts

    SECURITY SERVICES

    Protect the system resources and mitigate the attacks.

    1. CONFIDENTIALITY: Secrecy of information.

    2. INTEGRITY: Correctness of the information.

    3. AUTHENTICATION: Source integrity.

    4. ACCESS CONTROL: Authorized use of the resources.

    5. AVAILABILITY: Resources can be used.

    6. NON-REPUDIATION: Evidence of communication.

    QoSS (Quality of Security Service)

    QoSS = QoS + Security

    Security as a QoS dimension.

    [Figure: QoS dimensions: Latency, Jitter, Throughput, Loss rate, Security]

    Security level.

    Selection:

    Security requirements and resources availability.

    Operation mode and security/cost trade-off.


    QoSS (Quality of Security Service)

    Advantages:

    Lower protection cost.

    Enhance the efficiency of the resources utilization.

    Better system control.

    Flexibility.

    Disadvantages:

    System complexity.


    Previous works - Static policy

    Security services: Non repudiation, confidentiality.

    Components:

    SNI: Secure network interface.

    SNM: Secure network manager (monitor).

    [Figure labels: NoC, M, S, SNI, SNM]

    [EVA05, DIG07]

    Previous works - Static policy

    Security service: Access control.

    Components:

    DPU: Data protection Unit (memory access).

    [Figure labels: NoC, M, S, DPU]

    [FIO07, FIO08]

    Previous works - Static policy

    Security service: Access control, availability.

    Components:

    PPS: Processor protection Unit.

    SPU: Stack protection unit.

    ITU: Instruction trace unit.

    DPU: Data protection Unit (memory access).

    [Figure labels: NoC, M, S, DPU, PPS, SPU, ITU]

    [LUK10]

    Previous works - Static policy

    Limitations

    1. Support a static security policy.

    2. Support a single level of security.

    3. Lack of system performance evaluation.

    4. Lack of security efficacy evaluation.

    Advantage

    Show that NoC can be a useful structure to handle different security services.

    Previous works - Dynamic policy

    Security service: Access control and authentication.

    Components:

    Configuration control

    Policy keeper

    Monitor

    Large link overhead.

    Single level (No QoSS).

    [SEP11]

    To provide security for MPSoCs and guarantee that performance and security requirements are met.

    Access control implementation

    Access control SV TV RV
    Level 0
    Level 1 X
    Level 2 X X
    Level 3 X X X

    VF: Source verification.

    VT: Type verification.

    VP: Role verification.

    FIREWALL:

    Allows or blocks a transaction.

    According to a security policy.

    Implemented at the network interface.

    At the packet arrival.

    Before the packet injection to the NoC.

    Security levels.

    Control information: source, type, role.

    Authentication implementation

    Implementation: at the network interface.

    4 security levels.

    Uses the NoC characteristics.

    Authentication NR RP CC
    Level 0
    Level 1 X
    Level 2 X X
    Level 3 X X X

    NR: Number of routers.

    RP: Routers through the path.

    CC: Communication code.

    FIREWALL:

    Our approach

    Layered security implementation (Hierarchic NoC).

    MPSoC organized as independent clusters (IP security and communication characteristics): Security zones.

    Distributes the security policy management (global and local) by partitioning the NoC topology (High-NoC, Low-NoC).

    Our approach

    Global security:
    * Configuration control.
    * Policy keeper.
    * Monitor

    Local security:
    * Security mechanisms.
    * Local configuration control (Manager)

    QoSS needs.

    Our approach

    Security policy changes:

    The global configuration control (High-NoC) notifies the manager of the corresponding security zone.

    The Manager of the security zone (Low-NoC) modifies the security tables of the firewalls.

    The reconfiguration doesn't take place until the arrival of the packets that are inside the network and whose destination is any of those interfaces that are going to change.
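
The firewall security levels and the deferred security-table update from the slides above, modelled as an added C++ example (not code from the presentation). It assumes that level n enables the first n checks in the order source, type, role, and that packets reach an interface in order; all type, field and function names are hypothetical.

```cpp
#include <set>
#include <utility>
#include <vector>

// Control information the slide lists for each packet: source, type, role.
struct Packet { int source, type, role; };
// Security table of one firewall. ASSUMPTION: level n enables the first n
// checks in the order source, type, role; level 0 checks nothing.
struct Policy {
    int level;
    std::set<int> sources, types, roles;
    bool allows(const Packet& p) const {
        return (level < 1 || sources.count(p.source)) &&
               (level < 2 || types.count(p.type)) &&
               (level < 3 || roles.count(p.role));
    }
};
// Hypothetical firewall model at one network interface (in-order delivery assumed).
class Firewall {
    Policy active_, pending_{};
    bool has_pending_ = false;
    int in_flight_ = 0, to_drain_ = 0;
    void swap_if_drained() {
        if (has_pending_ && to_drain_ == 0) { active_ = pending_; has_pending_ = false; }
    }
public:
    explicit Firewall(Policy p) : active_(std::move(p)) {}
    void injected() { ++in_flight_; }  // a packet for this interface entered the NoC
    void update(Policy p) {            // zone manager rewrites the security table
        pending_ = std::move(p); has_pending_ = true;
        to_drain_ = in_flight_;        // packets already in the NoC keep the old table
        swap_if_drained();
    }
    bool arrival(const Packet& p) {    // check performed at packet arrival
        bool ok = active_.allows(p);
        if (in_flight_ > 0) --in_flight_;
        if (to_drain_ > 0) --to_drain_;
        swap_if_drained();
        return ok;
    }
    int level() const { return active_.level; }
};
// Constructed scenario: one packet is in flight when the policy is tightened.
std::vector<bool> run_scenario() {
    Firewall fw(Policy{1, {1, 2}, {}, {}});
    fw.injected();
    fw.update(Policy{2, {1, 2}, {5}, {}});      // deferred: packet still in the NoC
    bool first = fw.arrival(Packet{2, 7, 0});   // judged under the old level-1 table
    fw.injected();
    bool second = fw.arrival(Packet{2, 7, 0});  // judged under the new level-2 table
    return {first, second, fw.level() == 2};
}
int main() { auto r = run_scenario(); return (r[0] && !r[1] && r[2]) ? 0 : 1; }
```

The packet that was already inside the network is accepted under the old table; the identical packet sent afterwards is blocked by the new type check.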


    Study case

    Functions of the 3 applications

    3 applications of the MiBench benchmark.

    Automotive.

    Consumer electronics.

    Telecommunication.

    3 different security policies.

    All possible combinations.

    Predefined mapping cases.


    Implementation

    [Figure: Automotive, Consumer electronics and Telecomm. applications, each labelled with a Sec. policy]

    Implementation

    NoC parameters

    Evaluation

    SystemC-TLM

    Traffic/attacks generators

    Monitors

    Analysis tools

    Simulation Conditions

    5 flits Payload.

    600.000 simulated cycles.

    Poisson traffic, LRD (Long Range Dependence).

    30% are critical data

    3 Types of attacks:

    Extraction.

    Modification.

    Denial-of-Service (DoS).

    Results

    Security efficacy

    Security efficiency:

    Latency, Power

    Security policy should change in order to achieve 100%.

    Results

    The hierarchical approach always performs better than the simple dynamic.

    Layered approach:

    Doesn't interrupt other security zones.

    Performance penalty

    Conclusions and future work

    We proposed a layered dynamic NoC-based security implementation for MPSoCs (security zones).

    Our approach provides an effective way to handle security policy changes and improves the overall system performance.

    We adopt the QoSS concept that allows the designer to customize the MPSoC protection in order to satisfy both security and performance requirements.

    Results show that the inclusion of security issues in the hierarchic NoC performs better than the simple dynamical NoC architecture.

    As future work, we will study different techniques that allow an improvement in the implementation of the proposed security mechanisms.

    We will explore different security services (confidentiality and integrity).
