Secure channels in an integrated MPSoC architecture

Providing security in an embedded system often comes down to a trade-off between security and performance. At the same time, Multi-Processor System-on-a-Chip (MPSoC) devices are beginning to raise computational performance, energy and die-area efficiency, and to reduce the number of physical units in embedded system designs. MPSoCs also make it possible to compose heterogeneous subsystems on a single silicon die, which is particularly attractive for high-volume embedded devices. These benefits come at a price: an increase in system complexity. Complexity not only makes the design process harder, it also opens the door to certain vulnerabilities. One remedy is to follow well-established architectural principles that reduce complexity and provide the required level of security. In this paper we demonstrate how the basic architectural principles of the ACROSS MPSoC architecture can be combined with the requirements of standard security techniques (i.e., encryption and authentication) to produce an efficient security solution for MPSoC systems. We propose a security architecture that uses the principles of temporal and spatial partitioning, temporal determinism, and mixed-criticality integration to migrate resource-intensive security functions from the application components to a dedicated security component within the MPSoC. Application components are left with only a thin security provider, with no loss of functionality and with more local resources at their disposal. The result is a flexible, resource-efficient security solution that highlights the benefits of partitioning MPSoC architectures for security.
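The split the abstract describes, as an added illustration that is not the paper's code and not the ACROSS design itself: a Python model in which the only copy of key material lives in a dedicated security component, application components link against a thin provider that handles plaintext only, and every frame is bound to the time-triggered slot in which its channel is scheduled. The HMAC-SHA256 tag, the 6-byte channel/slot header, the monotone slot counter used for replay rejection, the channel id and the sample payloads are all assumptions made for this example; encryption is left out because the page does not state which primitives the paper uses.

```python
"""Toy model of the thin-provider / security-component split (constructed
example; the header layout, the HMAC choice and the slot-based replay rule
are assumptions, not the paper's protocol)."""
import hmac
import hashlib
import struct

HEADER_FMT = ">HI"               # channel id (16 bit), slot counter (32 bit)
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = hashlib.sha256().digest_size


class SecurityComponent:
    """Dedicated core holding all key material (spatial partitioning: keys
    never leave this component). One instance per MPSoC."""

    def __init__(self, keys):
        self._keys = dict(keys)      # channel_id -> shared key
        self._last_slot = {}         # channel_id -> highest accepted slot

    def protect(self, channel_id, slot, payload):
        """Authenticate a payload on behalf of an application component."""
        key = self._keys[channel_id]
        header = struct.pack(HEADER_FMT, channel_id, slot)
        tag = hmac.new(key, header + payload, hashlib.sha256).digest()
        return header + payload + tag

    def verify(self, frame, current_slot):
        """Return the payload if the frame is genuine, fresh and arrived in
        the slot its channel is scheduled for; otherwise return None."""
        if len(frame) < HEADER_LEN + TAG_LEN:
            return None
        channel_id, slot = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
        key = self._keys.get(channel_id)
        if key is None:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                              # tampered or wrong key
        if slot != current_slot:
            return None                              # temporal determinism: off-schedule
        if slot <= self._last_slot.get(channel_id, -1):
            return None                              # replay of an earlier slot
        self._last_slot[channel_id] = slot
        return frame[HEADER_LEN:-TAG_LEN]


class ThinSecurityProvider:
    """What an application component links against: it owns no keys and runs
    no cryptography, it only hands plaintext to the security component."""

    def __init__(self, channel_id, security_component):
        self.channel_id = channel_id
        self._sc = security_component

    def send(self, slot, payload):
        return self._sc.protect(self.channel_id, slot, payload)

    def receive(self, frame, slot):
        return self._sc.verify(frame, slot)


def demo():
    """Two MPSoCs sharing one channel key; constructed demo data."""
    key7 = bytes(range(32))                          # demo key only
    tx_sc = SecurityComponent({7: key7})             # sender chip's security core
    rx_sc = SecurityComponent({7: key7})             # receiver chip's security core
    sensor = ThinSecurityProvider(7, tx_sc)          # application component A
    actuator = ThinSecurityProvider(7, rx_sc)        # application component B

    frame = sensor.send(41, b"rpm=1200")
    accepted = actuator.receive(frame, 41)

    tampered = bytearray(frame)
    tampered[HEADER_LEN] ^= 0x01                     # flip one payload bit
    tamper_rejected = actuator.receive(bytes(tampered), 41) is None

    replay_rejected = actuator.receive(frame, 41) is None

    frame2 = sensor.send(42, b"rpm=1250")
    wrong_slot_rejected = actuator.receive(frame2, 43) is None
    accepted2 = actuator.receive(frame2, 42)

    return {
        "accepted": accepted,
        "tamper_rejected": tamper_rejected,
        "replay_rejected": replay_rejected,
        "wrong_slot_rejected": wrong_slot_rejected,
        "accepted2": accepted2,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is what the application side cannot do: `ThinSecurityProvider` has no key attribute and no crypto call, so a compromised or buggy application component cannot leak the channel key, and the slot check means a frame is only valid in the window the global schedule assigns to that channel.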
