In this work, we propose and investigate the idea of enhancing a System-on-Chip (SoC) communication architecture (the fabric that integrates system components and carries the communication traffic between them) to improve system security. We observe that a wide range of common security attacks manifest as abnormalities in the system-level communication traffic. Therefore, the communication architecture, with its global system-level visibility, can be used to detect them. The communication architecture can also react effectively to security attacks by disallowing the offending communication transactions, or by notifying appropriate components of a security violation. We describe the general principles of a security-enhanced communication architecture (SECA) and show how several security objectives can be encoded as policies that govern the inter-component communication traffic. We detail the implementation of SECA in the context of a popular commercial on-chip bus architecture (the AMBA architecture from ARM) through a combination of a centralized security enforcement module and enhancements to the bus interfaces of system components. We illustrate how SECA can be used to enhance embedded system security in several application scenarios. A simple instance of SECA has been implemented in a commercial application processor SoC for mobile phones. We present results of experiments that validate the proposed concepts through system-level simulation, and evaluate their overheads through hardware implementation using a commercial design flow.
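The following is an added illustration, not the paper's own RTL or code, of how a centralized security enforcement module can express security objectives as policies over bus traffic and decide each transfer before it completes. It models AHB-like transfers in software and applies three kinds of rule chosen here as examples: an address-based rule (which master may touch which region, and in which mode), a data-based rule (a value written to a sensitive register must be in range) and a sequence-based rule (a write that is legal in isolation becomes an attack indicator after a lock). The master ids, address map, signal fields, rules and the sample trace are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Software model of a SECA-style security enforcement module (SEM) that checks each
 * bus transfer against a policy table before it completes. This is an added
 * illustration for simulation, not the paper's RTL: the AHB-like fields, master ids,
 * address map, rules and sample trace are all assumptions made for the example. */

enum { M_CPU = 0, M_DMA = 1, M_USB = 2 };          /* assumed bus master ids */
#define MASK(m) ((uint16_t)(1u << (m)))

typedef enum { XFER_READ, XFER_WRITE } xfer_dir_t;
/* ACT_DENY: answer with a bus error and drop the transfer.
 * ACT_DENY_NOTIFY: drop it and also raise a security interrupt to the CPU. */
typedef enum { ACT_ALLOW, ACT_DENY, ACT_DENY_NOTIFY } action_t;

typedef struct {
    uint8_t    master;      /* HMASTER: which bus master issued the transfer */
    uint32_t   addr;        /* HADDR */
    xfer_dir_t dir;         /* HWRITE */
    bool       privileged;  /* HPROT privileged/user bit */
    uint32_t   wdata;       /* HWDATA, meaningful for writes only */
} bus_xfer_t;

/* Address-based policy: which masters may touch a region, and in which mode. */
typedef struct {
    uint32_t base, limit;                   /* inclusive address range */
    uint16_t read_masters, write_masters;   /* bitmasks over master ids */
    bool     need_privileged;
} region_rule_t;

/* Assumed address map for the example. */
#define KEY_BASE    0x40000000u  /* on-chip key store */
#define KEY_LIMIT   0x400000FFu
#define DMA_LEN_REG 0x50000010u  /* DMA transfer length register */
#define DMA_MAX_LEN 0x10000u     /* largest buffer the DMA may be given */
#define LOCK_REG    0x60000000u  /* writing 1 here locks the key store until reset */

static const region_rule_t rules[] = {
    { KEY_BASE,    KEY_LIMIT,   MASK(M_CPU), MASK(M_CPU), true }, /* keys: privileged CPU only */
    { 0x50000000u, 0x500000FFu, MASK(M_CPU), MASK(M_CPU), true }, /* DMA regs: privileged CPU only */
};

typedef struct { bool key_locked; } sem_state_t;   /* state for sequence-based policies */

static action_t check_address(const bus_xfer_t *x) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const region_rule_t *r = &rules[i];
        if (x->addr < r->base || x->addr > r->limit) continue;
        uint16_t allowed = (x->dir == XFER_WRITE) ? r->write_masters : r->read_masters;
        if (!(allowed & MASK(x->master))) return ACT_DENY;
        if (r->need_privileged && !x->privileged) return ACT_DENY;
        return ACT_ALLOW;
    }
    return ACT_ALLOW;   /* addresses outside every rule are not policed */
}

/* Data-based policy: a value written to a sensitive register must be in range. */
static action_t check_data(const bus_xfer_t *x) {
    if (x->dir == XFER_WRITE && x->addr == DMA_LEN_REG && x->wdata > DMA_MAX_LEN) return ACT_DENY;
    return ACT_ALLOW;
}

/* Sequence-based policy: after the lock write, a key-store write is an attack
 * indicator, so it is dropped and reported rather than silently refused. */
static action_t check_sequence(sem_state_t *s, const bus_xfer_t *x) {
    if (x->dir == XFER_WRITE && x->addr == LOCK_REG && x->wdata == 1u) s->key_locked = true;
    if (s->key_locked && x->dir == XFER_WRITE && x->addr >= KEY_BASE && x->addr <= KEY_LIMIT)
        return ACT_DENY_NOTIFY;
    return ACT_ALLOW;
}

/* One SEM decision per transfer: the first policy that objects wins. */
action_t sem_check(sem_state_t *s, const bus_xfer_t *x) {
    action_t a = check_address(x);
    if (a == ACT_ALLOW) a = check_data(x);
    if (a == ACT_ALLOW) a = check_sequence(s, x);
    return a;
}

/* Single-transfer check against a fresh (unlocked) SEM. */
action_t check_one(uint8_t master, uint32_t addr, xfer_dir_t dir, bool priv, uint32_t wdata) {
    sem_state_t st = { false };
    bus_xfer_t x = { master, addr, dir, priv, wdata };
    return sem_check(&st, &x);
}

/* Constructed sample trace; returns how many transfers the SEM rejected (4). */
int run_sample_trace(void) {
    static const bus_xfer_t trace[] = {
        { M_CPU, KEY_BASE,     XFER_WRITE, true,  0xDEADBEEFu }, /* allow: privileged CPU loads a key */
        { M_DMA, KEY_BASE,     XFER_READ,  true,  0 },           /* deny: DMA may not read keys */
        { M_CPU, KEY_BASE + 4, XFER_READ,  false, 0 },           /* deny: user-mode CPU */
        { M_CPU, DMA_LEN_REG,  XFER_WRITE, true,  0x20000u },    /* deny: length exceeds buffer */
        { M_CPU, LOCK_REG,     XFER_WRITE, true,  1 },           /* allow: lock the key store */
        { M_CPU, KEY_BASE,     XFER_WRITE, true,  0 },           /* deny+irq: write after lock */
    };
    sem_state_t st = { false };
    int rejected = 0;
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        if (sem_check(&st, &trace[i]) != ACT_ALLOW) rejected++;
    return rejected;
}

int main(void) { return run_sample_trace() == 4 ? 0 : 1; }
```

The point of the model is the division of labour the abstract describes: the policy table is the only thing that changes when a new security objective is added, the decision is taken on the bus where every master's traffic is visible, and the response is either a bus error (the transfer never reaches the slave) or a bus error plus a notification to the CPU for the cases where the transfer is evidence of compromise rather than a mere mistake. In hardware the address and data checks are stateless comparators; only the sequence rule needs a latched state bit, which is why such rules are the ones to keep few and simple.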