Networks on Chip with Provable Security Properties

In systems where a lack of safety or security guarantees can be catastrophic or even fatal, noninterference is used to separate domains handling critical (or confidential) information from those processing normal (or unclassified) data for purposes of fault containment and ease of verification. This article introduces SurfNoC, an on-chip network that significantly reduces the latency incurred by strict temporal partitioning. By carefully scheduling the network into waves that flow across the interconnect, data from different domains carried by these waves are strictly noninterfering while avoiding the significant overheads associated with cycle-by-cycle time multiplexing. The authors describe the scheduling policy and router microarchitecture changes required, and evaluate the information-flow security of a synthesizable implementation through gate-level information flow analysis. When comparing their approach for varying numbers of domains and network sizes, they find that in many cases SurfNoC can reduce the latency overhead of implementing cycle-level noninterference by up to 85 percent.

[1]  William J. Dally,et al.  Principles and Practices of Interconnection Networks , 2004 .

[2]  Owen Brown,et al.  System F6: Progress to Date , 2012 .

[3]  Ying Gao,et al.  SurfNoC: a low latency and provably non-interfering approach to secure networks-on-chip , 2013, ISCA.

[4]  Aniruddha S. Gokhale,et al.  F6COM: A component model for resource-constrained and dynamic space-based computing environments , 2013, 16th IEEE International Symposium on Object/component/service-oriented Real-time distributed Computing (ISORC 2013).

[5]  Onur Mutlu,et al.  Preemptive Virtual Clock: A flexible, efficient, and cost-effective QOS scheme for networks-on-chip , 2009, 2009 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[6]  Frederic T. Chong,et al.  Crafting a usable microkernel, processor, and I/O system with strict and provable information flow security , 2011, 2011 38th Annual International Symposium on Computer Architecture (ISCA).

[7]  W. Paul,et al.  Computer Architecture , 2000, Springer Berlin Heidelberg.

[8]  Frederic T. Chong,et al.  Complete information flow tracking from the gates up , 2009, ASPLOS.

[9]  Krste Asanovic,et al.  Globally-Synchronized Frames for Guaranteed Quality-of-Service in On-Chip Networks , 2008, 2008 International Symposium on Computer Architecture.

[10]  Onur Mutlu,et al.  Topology-Aware quality-of-service support in highly integrated chip multiprocessors , 2010, ISCA'10.

[11]  Srinivas Devadas,et al.  Heracles: Fully Synthesizable Parameterized MIPS-Based Multicore System , 2011, 2011 21st International Conference on Field Programmable Logic and Applications.

[12]  G. Edward Suh,et al.  Efficient Timing Channel Protection for On-Chip Networks , 2012, 2012 IEEE/ACM Sixth International Symposium on Networks-on-Chip.

[13]  Onur Mutlu,et al.  Kilo-NOC: A heterogeneous network-on-chip architecture for scalability and service guarantees , 2011, 2011 38th Annual International Symposium on Computer Architecture (ISCA).