Title
Security Effectiveness and a Hardware Firewall for MPSoCs
Abstract
There is a constant increase in the interest shown for trusted computing in the embedded domain. In an MPSoC each processing element such as a CPU could request accessing any physical resource of the device such as a memory or an I/O component. Along with normal requests, malevolent ones could occur, produced by malware applications or processes running in one or more CPUs. A protection mechanism is required to prevent injection of malicious data across the device, e.g. unsafe data written by a CPU into a memory address, which are read later by another CPU. A considerable amount of research has been devoted to security for MPSoCs, but limited work exists in performing protection at the source instead of the target, thus cutting off malicious content at an early stage prior to entering the on-chip network. In the present work we focus on the side of the CPU connected to the SoC network. We are envisioning a self-contained NoC firewall, which by checking the physical address of a request to a memory-mapped device against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate applications running in a shared-memory SoC. To sustain high performance we implemented the firewall in hardware, while rule-checking is performed at segment level based on deny rules. To evaluate the impact of security mechanisms we developed a novel framework based on gem5, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics called Spider on STNoC. Tests include several scenarios with legitimate and malicious processes running in different CPUs requesting access to shared memory. Preliminary results show that the incorporation of a security mechanism in the network interface can have a positive effect on network performance by reducing both the end-to-end delivery time of packets and the power consumed from unnecessary transmissions. From the network aspect, this effect is independent of the performance of the implementation itself, e.g. either a hardware or a software solution equally relieves the network from unnecessary loads. Finally, we compare the performance of our hardware approach over a simple equivalent software solution. Certainly, this comparison favours hardware by considerable margins; however, we use it only as reference to illustrate the merit from implementing protection in hardware. The purpose of the present study is three-fold. First, we present the proposed hardware NoC firewall. Then we examine the effect on network transmissions from incorporating a security mechanism in the network interface; to do this we developed a novel framework. Finally, we include preliminary performance results of our NoC firewall and a simple yet indicative comparison with a software solution.
Year: 2014
DOI: 10.1109/HPCC.2014.173
Venue: High Performance Computing and Communications, 2014 IEEE 6th Intl Symp Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf Embedded Software and Syst
Keywords: firewalls, invasive software, network interfaces, shared memory systems, system-on-chip, trusted computing, MPSoCs, STMicroelectronics, Spider on STNoC, commercial point-to-point interconnect, coupling ARM technology, deny rules, gem5, hardware NoC firewall, malicious data injection, malware applications, memory-mapped device, network interface security mechanism, on-chip memory, security effectiveness, self-contained NoC firewall, shared-memory SoC, trusted computing, untrusted CPU requests, MPSoC, NoC, STNoC, firewall, gem5, hardware, security
Field: Trusted Computing, Physical address, Computer science, Computer network, Real-time computing, Memory address, Computer hardware, MPSoC, Distributed computing, Network interface, Firewall (construction), Application firewall, Network performance, Embedded system
DocType: Conference
Citations: 8
PageRank: 0.64
References: 9
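Authors: 4
Name: Grammatikakis, M.D.; Order: 1; Citations: 33; PageRank: 2.46
Name: Catalin Ciobanu; Order: 2; Citations: 19; PageRank: 1.88
Name: Polydoros Petrakis; Order: 3; Citations: 9; PageRank: 3.40
Name: Antonis Papagrigoriou; Order: 4; Citations: 12; PageRank: 4.08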