Secure Memory Accesses on Networks-on-Chip

Security is gaining increasing relevance in the development of embedded devices. Towards a secure system at each level of design, this paper addresses security aspects related to network-on-chip (NoC) architectures, foreseen as the communication infrastructure of next-generation embedded devices. In the context of NoC-based multiprocessor systems, we focus on the topic, not yet thoroughly faced, of data protection. In this paper, we present a secure NoC architecture composed of a set of data protection units (DPUs) implemented within the network interfaces. The run-time configuration of the programmable part of the DPUs is managed by a central unit, the network security manager (NSM). The DPU, similar to a firewall, can check and limit the access rights (none, read, write, or both) of processors accessing data and instructions in a shared memory - in particular distinguishing between the operating roles (supervisor/user and secure/unsecure) of the processing elements. We explore different alternative implementations for the DPU and demonstrate how this unit does not affect the network latency if the memory request has the appropriate rights. We also focus on the dynamic updating of the DPUs to support their utilization in dynamic environments, and on the utilization of authentication techniques to increase the level of security.

[1]  Luca Benini,et al.  Networks on chips - technology and tools , 2006, The Morgan Kaufmann series in systems on silicon.

[2]  Ray Hunt,et al.  A taxonomy of network and computer attacks , 2005, Comput. Secur..

[3]  Norman P. Jouppi,et al.  CACTI: an enhanced cache access and cycle time model , 1996, IEEE J. Solid State Circuits.

[4]  Yusuf Leblebici,et al.  Quantitative modelling and comparison of communication schemes to guarantee quality-of-service in networks-on-chip , 2005, 2005 IEEE International Symposium on Circuits and Systems.

[5]  Calton Pu,et al.  Buffer overflows: attacks and defenses for the vulnerability of the decade , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[6]  Radu Marculescu,et al.  Application-specific buffer space allocation for networks-on-chip router design , 2004, IEEE/ACM International Conference on Computer Aided Design, 2004. ICCAD-2004..

[7]  Brian Rogers,et al.  Efficient data protection for distributed shared memory multiprocessors , 2006, 2006 International Conference on Parallel Architectures and Compilation Techniques (PACT).

[8]  Luca Benini,et al.  Packetized on-chip interconnect communication analysis for MPSoC , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[9]  Catherine H. Gebotys,et al.  A framework for security on NoC technologies , 2003, IEEE Computer Society Annual Symposium on VLSI, 2003. Proceedings..

[10]  Matt Bishop,et al.  Attack class: address spoofing , 1997 .

[11]  Jörg Henkel,et al.  Bounded arbitration algorithm for QoS-supported on-chip communication , 2006, Proceedings of the 4th International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS '06).

[12]  Kees G. W. Goossens,et al.  Trade Offs in the Design of a Router with Both Guaranteed and Best-Effort Services for Networks on Chip , 2003, DATE.

[13]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[14]  Vittorio Zaccaria,et al.  System level power modeling and simulation of high-end industrial network-on-chip , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[15]  Miltos D. Grammatikakis,et al.  OCCN: a network-on-chip modeling and simulation framework , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[16]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[17]  Kees G. W. Goossens,et al.  An efficient on-chip NI offering guaranteed services, shared-memory abstraction, and flexible network configuration , 2005, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[18]  Gianluca Palermo,et al.  A data protection unit for NoC-based architectures , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[19]  Radu Marculescu,et al.  Key research problems in NoC design: a holistic perspective , 2005, 2005 Third IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'05).

[20]  Luca Benini,et al.  Networks on Chips : A New SoC Paradigm , 2022 .

[21]  Y. Zhang,et al.  Security wrappers and power analysis for SoC technology , 2003, First IEEE/ACM/IFIP International Conference on Hardware/ Software Codesign and Systems Synthesis (IEEE Cat. No.03TH8721).

[22]  S. Evain,et al.  From NoC security analysis to design solutions , 2005, IEEE Workshop on Signal Processing Systems Design and Implementation, 2005..

[23]  Radu Marculescu,et al.  DyAD - smart routing for networks-on-chip , 2004, Proceedings. 41st Design Automation Conference, 2004..

[24]  Tobias Bjerregaard,et al.  A survey of research and practices of Network-on-chip , 2006, CSUR.

[25]  Srivaths Ravi,et al.  SECA: security-enhanced communication architecture , 2005, CASES '05.

[26]  Radu Marculescu,et al.  Prediction-based flow control for network-on-chip traffic , 2006, 2006 43rd ACM/IEEE Design Automation Conference.

[27]  Andreas Steffen Security in Embedded Systems , 2005, The Industrial Information Technology Handbook.

[28]  Guy Gogniat,et al.  Secure Architecture in Embedded Systems: an Overview , 2006, ReCoSoC.

[29]  Srivaths Ravi,et al.  Security in embedded systems: Design challenges , 2004, TECS.

[30]  Eric Chien,et al.  BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES , 2002 .

[31]  Gianluca Palermo,et al.  PIRATE: A Framework for Power/Performance Exploration of Network-on-Chip Architectures , 2004, PATMOS.

[32]  Ran Ginosar,et al.  Efficient Link Capacity and QoS Design for Network-on-Chip , 2006, Proceedings of the Design Automation & Test in Europe Conference.

[33]  Vincenzo Catania,et al.  A methodology for design of application specific deadlock-free routing algorithms for NoC systems , 2006, Proceedings of the 4th International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS '06).

[34]  Partha Pratim Pande,et al.  Performance evaluation and design trade-offs for network-on-chip interconnect architectures , 2005, IEEE Transactions on Computers.

[35]  Cristina Silvano,et al.  Security Aspects in Networks-on-Chips: Overview and Proposals for Secure Implementations , 2007 .

[36]  Ran Ginosar,et al.  QNoC: QoS architecture and design process for network on chip , 2004, J. Syst. Archit..

[37]  Axel Jantsch,et al.  Guaranteed bandwidth using looped containers in temporally disjoint networks within the nostrum network on chip , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[38]  Michael S. Hsiao,et al.  Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[39]  William J. Dally,et al.  Route packets, not wires: on-chip inteconnection networks , 2001, DAC '01.

[40]  Cristina Silvano,et al.  Security Aspects in Networks-on-Chips: Overview and Proposals for Secure Implementations , 2007, 10th Euromicro Conference on Digital System Design Architectures, Methods and Tools (DSD 2007).

[41]  Diederik Verkest,et al.  Spatial division multiplexing: a novel approach for guaranteed throughput on NoCs , 2005, 2005 Third IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS'05).

[42]  David Samyde,et al.  Side channel cryptanalysis , 2002 .

[43]  Xiangyu Zhang,et al.  SENSS: security enhancement to symmetric shared memory multiprocessors , 2005, 11th International Symposium on High-Performance Computer Architecture.

[44]  Sudhakar Yalamanchili,et al.  Interconnection Networks: An Engineering Approach , 2002 .

[45]  Krishnan Srinivasan,et al.  A technique for low energy mapping and routing in network-on-chip architectures , 2005, ISLPED '05. Proceedings of the 2005 International Symposium on Low Power Electronics and Design, 2005..

[46]  Kees Goossens,et al.  AEthereal network on chip: concepts, architectures, and implementations , 2005, IEEE Design & Test of Computers.

[47]  K. Pagiamtzis,et al.  Content-addressable memory (CAM) circuits and architectures: a tutorial and survey , 2006, IEEE Journal of Solid-State Circuits.

[48]  Guy Gogniat,et al.  NOC-centric Security of Reconfigurable SoC , 2007, First International Symposium on Networks-on-Chip (NOCS'07).