Issue No.09 - September (2008 vol.57)
pp: 1216-1229
Gianluca Palermo, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Milano, Italy
Leandro Fiorin, ALaRI, Faculty of Informatics, University of Lugano, Lugano
Valerio Catalano, ST Microelectronics, AST Grenoble Lab, France
Cristina Silvano, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Milano, Italy
ABSTRACT
Security is gaining increasing relevance in the development of embedded devices. Towards a secure system at each level of design, this paper addresses security aspects related to Network-on-Chip (NoC) architectures, foreseen as the communication infrastructure of next-generation embedded devices. In the context of NoC-based multiprocessor systems, we focus on data protection, a topic not yet thoroughly addressed. We present a secure NoC architecture composed of a set of Data Protection Units (DPUs) implemented within the Network Interfaces (NIs) (part of this work is patent pending). The run-time configuration of the programmable part of the DPUs is managed by a central unit, the Network Security Manager (NSM). The DPU, similar to a firewall, can check and limit the access rights (none, read, write, or both) of processors accessing data and instructions in a shared memory, in particular distinguishing between the operating roles (supervisor/user and secure/unsecure) of the processing elements. We explore alternative implementations of the DPU and demonstrate that this unit does not affect the network latency if the memory request has the appropriate rights. We also focus on the dynamic updating of the DPUs to support their use in dynamic environments, and on the use of authentication techniques to increase the level of security.
INDEX TERMS
Networks-on-Chips, Security, Data Protection, Multiprocessor System-on-Chip
CITATION
Gianluca Palermo, Leandro Fiorin, Valerio Catalano, Cristina Silvano, "Secure Memory Accesses on Networks-on-Chip", IEEE Transactions on Computers, vol. 57, no. 9, pp. 1216-1229, September 2008, doi:10.1109/TC.2008.69