Secure Memory Accesses on Networks-on-Chip

Leandro Fiorin; Valerio Catalano; Cristina Silvano; Gianluca Palermo; Slobodan Lukovic

doi:10.1109/TC.2008.69

Publication
2008
Issue No. 9 - September
Abstract - Secure Memory Accesses on Networks-on-Chip

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Leandro Fiorin Articles by Gianluca Palermo Articles by Slobodan Lukovic Articles by Valerio Catalano Articles by Cristina Silvano

Secure Memory Accesses on Networks-on-Chip

September 2008 (vol. 57 no. 9)

pp. 1216-1229

	ASCII Text	x
	Leandro Fiorin, Gianluca Palermo, Slobodan Lukovic, Valerio Catalano, Cristina Silvano, "Secure Memory Accesses on Networks-on-Chip," IEEE Transactions on Computers, vol. 57, no. 9, pp. 1216-1229, September, 2008.

	BibTex	x
	@article{ 10.1109/TC.2008.69, author = {Leandro Fiorin and Gianluca Palermo and Slobodan Lukovic and Valerio Catalano and Cristina Silvano}, title = {Secure Memory Accesses on Networks-on-Chip}, journal ={IEEE Transactions on Computers}, volume = {57}, number = {9}, issn = {0018-9340}, year = {2008}, pages = {1216-1229}, doi = {http://doi.ieeecomputersociety.org/10.1109/TC.2008.69}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Computers TI - Secure Memory Accesses on Networks-on-Chip IS - 9 SN - 0018-9340 SP1216 EP1229 EPD - 1216-1229 A1 - Leandro Fiorin, A1 - Gianluca Palermo, A1 - Slobodan Lukovic, A1 - Valerio Catalano, A1 - Cristina Silvano, PY - 2008 KW - Networks-on-Chips KW - Security KW - Data Protection KW - Multiprocessor System-on-Chip VL - 57 JA - IEEE Transactions on Computers ER -

Leandro Fiorin, ALaRI, Faculty of Informatics, University of Lugano, Lugano

Gianluca Palermo, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Milano, Italy

Slobodan Lukovic, ALaRI, Faculty of Informatics, University of Lugano, Lugano

Valerio Catalano, ST Microelectronics, AST Grenoble Lab, France

Cristina Silvano, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Milano, Italy

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.69

Security is gaining increasing relevance in the development of embedded devices. Towards a secure system at each level of design, this paper addresses security aspects related to Network-on-Chip (NoC) architectures, foreseen as the communication infrastructure of next-generation embedded devices. In the context of NoC-based multiprocessor systems, we focus on the topic, not yet thoroughly faced, of data protection. In this paper, we present a secure NoC architecture composed of a set of Data Protection Units (DPUs) implemented within the Network Interfaces (NIs)\footnote{Part of this work is under patent pending}. The run-time configuration of the programmable part of the DPUs is managed by a central unit, the Network Security Manager (NSM). The DPU, similar to a firewall, can check and limit the access rights (none, read, write, or both) of processors accessing data and instructions in a shared memory - in particular distinguishing between the operating roles (supervisor/user and secure/unsecure) of the processing elements. We explore different alternative implementations for the DPU and demonstrate how this unit does not affect the network latency if the memory request has the appropriate rights. We also focus on the dynamic updating of the DPUs to support their utilization in dynamic environments, and on the utilization of authentication techniques to increase the level of security.

[1] “ITRS 2005 Documents,” http://www.itrs.net/links/2005itrshome2005.htm , 2005.
[2] W.J. Dally and B. Towles, “Route Packets, Not Wires: On-Chip Inteconnection Networks,” Proc. 38th Design Automation Conf., pp.684-689, June 2001.
[3] L. Benini and G. De Micheli, “Networks on Chips: A New SOC Paradigm,” Computer, 2002.
[4] P.P. Pande, C. Grecu, M. Jones, A. Ivanov, and R. Saleh, “Performance Evaluation and Design Trade-Offs for Network-on-Chip Interconnect Architectures,” IEEE Trans. Computers, vol. 54, no. 8, pp. 1025-1040, Aug. 2005.
[5] K. Goossens, J. Dielissen, and A. Radulescu, “AEthereal Network on Chip: Concepts, Architectures, and Implementations,” IEEE Design and Test of Computers, vol. 22, no. 5, pp. 414-421, Sept./Oct. 2005.
[6] A. Leroy, A. Marchal, A. Shickova, F. Catthoor, F. Robert, and D. Verkest, “Spatial Division Multiplexing: A Novel Approach for Guaranteed Throughput on NoCs,” Proc. Third IEEE/ACM/IFIP Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 81-86, Sept. 2005.
[7] M. Millberg, E. Nilsson, R. Thid, and A. Jantsch, “Guaranteed Bandwidth Using Looped Containers in Temporally Disjoint Networks within the Nostrum Network on Chip,” Proc. Conf. Design, Automation and Test in Europe, pp. 890-895, Feb. 2004.
[8] M. Coppola, S. Curaba, M.D. Grammatikakis, G. Maruccia, and F. Papariello, “OCCN: A Network-on-Chip Modeling and Simulation Framework,” Proc. Conf. Design, Automation and Test in Europe, pp. 174-179, Feb. 2004.
[9] J. Duato, S. Yalamanchili, and L. Ni, Interconnection Networks—An Engineering Approach. Morgan Kaufmann, 2002.
[10] E. Bolotin, I. Cidon, R. Ginosar, and A. Kolodny, “QNoC: QoS Architecture and Design Process for Network on Chip,” J. Systems Architecture, vol. 50, pp. 105-128, Jan. 2004.
[11] U.Y. Ogras, J. Hu, and R. Marculescu, “Key Research Problems in NoC Design: A Holistic Perspective,” Proc. Third IEEE/ACM/IFIP Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 69-74, Sept. 2005.
[12] T. Bjerregaard and S. Mahadevan, “A Survey of Research and Practices of Network-on-Chip,” ACM Computing Surveys, vol. 38, no. 1, p. 1, 2006.
[13] M. Palesi, R. Holsmark, S. Kumar, and V. Catania, “A Methodology for Design of Application Specific Deadlock-Free Routing Algorithms for NOC Systems,” Proc. Fourth Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 142-147, Oct. 2006.
[14] J. Hu and R. Marculescu, “DyAD Smart Routing for Networks-on-Chip,” Proc. 41st Design Automation Conf., pp. 260-263, June 2004.
[15] K. Srinivasan and K.S. Chatha, “A Technique for Low Energy Mapping and Routing in Network-on-Chip Architectures,” Proc. Int'l Symp. Low Power Electronics and Design, pp. 387-392, Aug. 2005.
[16] U.Y. Ogras and R. Marculescu, “Prediction-Based Flow Control for Network-on-Chip Traffic,” Proc. 43rd Design Automation Conf., pp. 839-844, July 2006.
[17] J. Hu and R. Marculescu, “Application-Specific Buffer Space Allocation for Networks-On-Chip Router Design,” Proc. IEEE/ACM Int'l Conf. Computer-Aided Design, pp. 354-361, Nov. 2004.
[18] Z. Guz, I. Walter, E. Bolotin, I. Cidon, R. Ginosar, and A. Kolodny, “Efficient Link Capacity and QoS Design for Network-on-Chip,” Proc. Conf. Design, Automation, and Test in Europe, pp. 9-14, Mar. 2006.
[19] E. Rijpkema, K.G.W. Goossens, A. Radulescu, J. Dielissen, J. van Meerbergen, P. Wielage, and E. Waterlander, “Trade Offs in the Design of a Router with Both Guaranteed and Best-Effort Services for Networks on Chip,” Proc. Conf. Design, Automation and Test in Europe, pp. 350-355, Mar. 2003.
[20] M.A.A. Faruque, G. Weiss, and J. Henkel, “Bounded Arbitration Algorithm for QoS-Supported On-Chip Communication,” Proc. Fourth Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 142-147, Oct. 2006.
[21] M. Harmanci, N. Pazos, Y. Leblebici, and P. Ienne, “Quantitative Modelling and Comparison of Communication Schemes to Guarantee Quality-of-Service in Networks-on-Chip,” Proc. IEEE Int'l Symp. Circuits and Systems, pp. 1782-1785, May 2005.
[22] C.H. Gebotys and Y. Zhang, “Security Wrappers and Power Analysis for SoC Technology,” Proc. First IEEE/ACM/IFIP Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 162-167, Oct. 2003.
[23] C.H. Gebotys and R.J. Gebotys, “A Framework for Security on NoC Technologies,” Proc. Ann. Symp. VLSI, pp. 113-117, Feb. 2003.
[24] S. Evain and J. Diguet, “From NoC Security Analysis to Design Solutions,” Proc. IEEE Workshop Signal Processing Systems Design and Implementation, pp. 166-171, Nov. 2005.
[25] J.P. Diguet, S. Evain, R. Vaslin, G. Gogniat, and E. Juin, “NoC-Centric Security of Reconfigurable SoC,” Proc. First Int'l Symp. Networks-on-Chip, pp. 223-232, May 2007.
[26] L. Fiorin, C. Silvano, and M. Sami, “Security Aspects in Networks-on-Chips: Overview and Proposals for Secure Implementations,” Proc. 10th EUROMICRO Conf. Digital System Design Architectures, Methods and Tools, pp. 539-542, Aug. 2007.
[27] G. De Micheli and L. Benini, Networks on Chips: Technology and Tools. Morgan Kaufmann, 2006.
[28] P. Kocher, R. Lee, G. McGraw, A. Raghunathan, and S. Ravi, “Security as a New Dimension in Embedded System Design,” Proc. 41st Design Automation Conf., pp. 753-760, June 2004.
[29] R. Vaslin, G. Gogniat, and J.P. Diguet, “Secure Architecture in Embedded Systems: An Overview,” Proc. Workshop Reconfigurable Comm.-Centric SoCs, July 2006.
[30] E. Chien and P. Szoe, “Blended Attacks Exploits, Vulnerabilities and Buffer Overflow Techniques in Computer Viruses,” white paper, Symantec, Sept. 2002.
[31] J. Quisquater and D. Samide, “Side Channel Cryptanalysis,” Proc. Workshop Scurit des Comm. sur Internet, 2002.
[32] C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade,” Foundations of Intrusion Tolerant Systems, pp. 227-237, 2003.
[33] L. Fiorin, G. Palermo, S. Lukovic, and C. Silvano, “A Data Protection Unit for NoC-Based Architectures,” Proc. Fifth IEEE/ACM/IFIP Int'l Conf. Hardware/Software Codesign and System Synthesis, pp. 167-172, Sept.-Oct. 2007.
[34] Open Core Protocol Specification 2.2, 2006.
[35] “Symbos.cabir,” technical report, Symantec Corp., 2004.
[36] S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady, “Security in Embedded Systems: Design Challenges,” ACM Trans. Embedded Computing Systems, vol. 3, no. 3, pp. 461-491, Aug. 2004.
[37] D.C. Nash, T.L. Martin, D.S. Ha, and M.S. Hsiao, “Towards an Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computing Devices,” Proc. Third Int'l Conf. Pervasive Computing and Comm. Workshops, pp. 141-145, Mar. 2005.
[38] XOM Technical Information, http://www-vlsi.stanford.edu/liexom.htm, 2008.
[39] G. Edward Suh, C.W. O'Donnell, I. Sachdev, and S. Devadas, “Design and Implementation of the AEGIS Single-Chip Secure Processor,” Proc. 32nd Ann. Int'l Symp. Computer Architecture, pp.25-26, June 2005.
[40] J. Coburn, S. Ravi, A. Raghunathan, and S. Chakradhar, “SECA: Security-Enhanced Communication Architecture,” Proc. Int'l Conf. Compilers, Architecture, and Synthesis of Embedded Systems, pp. 78-89, Sept. 2005.
[41] T. Alves and D. Felton, “TrustZone: Integrated Hardware and Software Security,” white paper, ARM, 2004.
[42] “SonicsMX SMART Interconnect Datasheet,” http:/www.sonic sinc.com, 2008.
[43] Y. Zhang, L. Gao, J. Yang, X. Zhang, and R. Gupta, “Senss: Security Enhancement to Symmetric Shared Memory Multiprocessors,” Proc. 11th Int'l Symp. High-Performance Computer Architecture, pp. 352-362, Feb. 2005.
[44] B. Rogers, M. Prvulovic, and Y. Solihin, “Efficient Data Protection for Distributed Shared Memory Multiprocessors,” Proc. 15th Int'l Conf. Parallel Architectures and Compilation Techniques, pp. 84-94, Sept. 2006.
[45] www.modchip.com, 2008.
[46] S. Hansman and R. Hunt, “A Taxonomy of Network and Computer Attacks,” Computers & Security, vol. 24, no. 1, pp. 31-43, 2005.
[47] A. Radulescu, J. Dielissen, S.G. Pestana, O. Gangwal, E. Rijpkema, P. Wielage, and K. Goossens, “An Efficient On-Chip NI Offering Guaranteed Services, Shared-Memory Abstraction, and Flexible Network Configuration,” IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, vol. 24, no. 1, pp. 4-17, Jan. 2005.
[48] K. Pagiantzis and A. Sheikholeslami, “Content-Addressable Memory (CAM) Circuits and Architectures: A Tutorial and Survey,” IEEE J. Solid-State Circuits, vol. 41, no. 3, pp. 712-727, Mar. 2006.
[49] L.T. Heberlein and M. Bishop, “Attack Class: Address Spoofing,” Proc. 19th Nat'l Information Systems Security Conf., pp. 371-377, Oct. 1996.
[50] G. Palermo and C. Silvano, “Pirate: A Framework for Power/Performance Exploration of Network-On-Chip Architectures,” Proc. 14th Int'l Workshop Power and Timing Modeling, Optimization and Simulation, pp. 521-531, Sept. 2004.
[51] T.T. Ye, L. Benini, and G. De Micheli, “Packetized On-Chip Interconnect Communication Analysis for MPSoC,” Proc. Design, Automation and Test in Europe Conf. and Exhibition, pp. 344-349, Mar. 2003.
[52] A. Bona, V. Zaccaria, and R. Zafalon, “System Level Power Modeling and Simulation of High-End Industrial Network-on-Chip,” Proc. Design, Automation and Test in Europe Conf. and Exhibition, pp. 318-323, Feb. 2004.
[53] http:/www.arm.com, 2008.
[54] S. Wilton and N. Jouppi, “Cacti: An Enhanced Cache Access and Cycle Time Model,” IEEE J. Solid-State Circuits, vol. 31, no. 5, pp.677-688, May 1996.

Index Terms:

Networks-on-Chips, Security, Data Protection, Multiprocessor System-on-Chip

Citation:

Leandro Fiorin, Gianluca Palermo, Slobodan Lukovic, Valerio Catalano, Cristina Silvano, "Secure Memory Accesses on Networks-on-Chip," IEEE Transactions on Computers, vol. 57, no. 9, pp. 1216-1229, Sept. 2008, doi:10.1109/TC.2008.69

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.