SecureMemoryAccessesonNetworks-on-Chip

Abstract—Security is gaining relevance in the development of embedded devices. Toward a secure system at each level of design,this paper addresses security aspects related to Network-on-Chip (NoC) architectures, foreseen as the communication infrastructureof next-generation embedded devices. In the context of NoC-based multiprocessor systems, we focus on the topic, not yet thoroughlyfaced, of data protection. In this paper, we present a secure NoC architecture composed of a set of Data Protection Units (DPUs)implemented within the Network Interfaces (NIs). The runtime configuration of the programmable part of the DPUs is managed by acentral unit, the Network Security Manager (NSM). The DPU, similar to a firewall, can check and limit the access rights (none, read,write, or both) of processors accessing data and instructions in a shared memory. In particular, the DPU can distinguish between theoperating roles (supervisor/user and secure/nonsecure) of the processing elements. We explore alternative implementations of theDPU and demonstrate how this unit does not affect the network latency if the memory request has the appropriate rights. We alsofocus on the dynamic updating of the DPUs to support their utilization in dynamic environments and on the utilization of authenticationtechniques to increase the level of security.Index Terms—Embedded systems, security, data protection, Multiprocessor System-on-Chip (MPSoC), Networks-on-Chip (NoCs).

[1]  Gianluca Palermo,et al.  PIRATE: A Framework for Power/Performance Exploration of Network-on-Chip Architectures , 2004, PATMOS.

[2]  Ran Ginosar,et al.  Efficient Link Capacity and QoS Design for Network-on-Chip , 2006, Proceedings of the Design Automation & Test in Europe Conference.

[3]  Radu Marculescu,et al.  Prediction-based flow control for network-on-chip traffic , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[4]  Krishnan Srinivasan,et al.  A technique for low energy mapping and routing in network-on-chip architectures , 2005, ISLPED '05. Proceedings of the 2005 International Symposium on Low Power Electronics and Design, 2005..

[5]  Eric Chien,et al.  ∆ Current and Previous Threats ∆ Current Security ∆ Combating Blended Threats in the Future Symantec BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES Contents , 2009 .

[6]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[7]  Luca Benini,et al.  Networks on chips - technology and tools , 2006, The Morgan Kaufmann series in systems on silicon.

[8]  Srivaths Ravi,et al.  SECA: security-enhanced communication architecture , 2005, CASES '05.

[9]  Xiangyu Zhang,et al.  SENSS: security enhancement to symmetric shared memory multiprocessors , 2005, 11th International Symposium on High-Performance Computer Architecture.

[10]  Luca Benini,et al.  Networks on Chips : A New SoC Paradigm , 2022 .

[11]  Y. Zhang,et al.  Security wrappers and power analysis for SoC technology , 2003, First IEEE/ACM/IFIP International Conference on Hardware/ Software Codesign and Systems Synthesis (IEEE Cat. No.03TH8721).

[12]  S. Evain,et al.  From NoC security analysis to design solutions , 2005, IEEE Workshop on Signal Processing Systems Design and Implementation, 2005..

[13]  Kees Goossens,et al.  AEthereal network on chip: concepts, architectures, and implementations , 2005, IEEE Design & Test of Computers.

[14]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[15]  Vittorio Zaccaria,et al.  System Level Power Modeling and Simulation of High-End Industrial Network-On-Chip , 2004, Ultra Low-Power Electronics and Design.

[16]  David Samyde,et al.  Side channel cryptanalysis , 2002 .

[17]  Norman P. Jouppi,et al.  CACTI: an enhanced cache access and cycle time model , 1996, IEEE J. Solid State Circuits.

[18]  Gianluca Palermo,et al.  A data protection unit for NoC-based architectures , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[19]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[20]  Brian Rogers,et al.  Efficient data protection for distributed shared memory multiprocessors , 2006, 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[21]  Luca Benini,et al.  Packetized on-chip interconnect communication analysis for MPSoC , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[22]  Tobias Bjerregaard,et al.  A survey of research and practices of Network-on-chip , 2006, CSUR.

[23]  Om Prakash Gangwal,et al.  An efficient on-chip NI offering guaranteed services, shared-memory abstraction, and flexible network configuration , 2005 .

[24]  Yusuf Leblebici,et al.  Quantitative modelling and comparison of communication schemes to guarantee quality-of-service in networks-on-chip , 2005, 2005 IEEE International Symposium on Circuits and Systems.

[25]  Vincenzo Catania,et al.  A methodology for design of application specific deadlock-free routing algorithms for NoC systems , 2006, Proceedings of the 4th International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS '06).

[26]  Partha Pratim Pande,et al.  Performance evaluation and design trade-offs for network-on-chip interconnect architectures , 2005, IEEE Transactions on Computers.

[27]  K. Pagiamtzis,et al.  Content-addressable memory (CAM) circuits and architectures: a tutorial and survey , 2006, IEEE Journal of Solid-State Circuits.

[28]  Guy Gogniat,et al.  NOC-centric Security of Reconfigurable SoC , 2007, First International Symposium on Networks-on-Chip (NOCS'07).

[29]  Sudhakar Yalamanchili,et al.  Interconnection Networks: An Engineering Approach , 2002 .

[30]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[31]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[32]  Catherine H. Gebotys,et al.  A framework for security on NoC technologies , 2003, IEEE Computer Society Annual Symposium on VLSI, 2003. Proceedings..

[33]  Cristina Silvano,et al.  Security Aspects in Networks-on-Chips: Overview and Proposals for Secure Implementations , 2007 .

[34]  Ran Ginosar,et al.  QNoC: QoS architecture and design process for network on chip , 2004, J. Syst. Archit..

[35]  Axel Jantsch,et al.  Guaranteed bandwidth using looped containers in temporally disjoint networks within the nostrum network on chip , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[36]  Radu Marculescu,et al.  Application-specific buffer space allocation for networks-on-chip router design , 2004, ICCAD 2004.

[37]  Michael S. Hsiao,et al.  Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[38]  Matt Bishop,et al.  Attack class: address spoofing , 1997 .

[39]  Jörg Henkel,et al.  Bounded arbitration algorithm for QoS-supported on-chip communication , 2006, Proceedings of the 4th International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS '06).

[40]  Kees G. W. Goossens,et al.  Trade Offs in the Design of a Router with Both Guaranteed and Best-Effort Services for Networks on Chip , 2003, DATE.

[41]  Eric Chien,et al.  BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES , 2002 .

[42]  William J. Dally,et al.  Route packets, not wires: on-chip inteconnection networks , 2001, DAC '01.

[43]  Guy Gogniat,et al.  Secure Architecture in Embedded Systems: an Overview , 2006, ReCoSoC.

[44]  Diederik Verkest,et al.  Spatial division multiplexing: a novel approach for guaranteed throughput on NoCs , 2005, 2005 Third IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'05).

[45]  Radu Marculescu,et al.  Key research problems in NoC design: a holistic perspective , 2005, 2005 Third IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'05).

[46]  Miltos D. Grammatikakis,et al.  OCCN: a network-on-chip modeling and simulation framework , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.