On-chip Data Security Against Untrustworthy Software and Hardware IPs in Embedded Systems
- 1 July 2018
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)
Abstract
State-of-the-art system-on-chip (SoC) field programmable gate arrays (FPGAs) integrate hard powerful ARM processor cores and the reconfigurable logic fabric on a single chip in addition to many commonly needed high performance and high-bandwidth peripherals. The increasing reliance on untrustworthy third-party IP (3PIP) cores, including both hardware and software in FPGA-based embedded systems has made the latter increasingly vulnerable to security attacks. Detection of trojans in 3PIPs is extremely difficult to current static detection methods since there is no golden reference model for 3PIPs. Moreover, many FPGA-based embedded systems do not have the support of security services typically found in operating systems. In this paper, we present our run-time, low-cost, and low-latency hardware and software based solution for protecting data stored in on-chip memory blocks, which has attracted little research attention. The implemented memory protection design consists of a hierarchical top-down structure and controls memory access from software IPs running on the processor and hardware IPs running in the FPGA, based on a set of rules or access rights configurable at run time. Additionally, virtual addressing and encryption of data for each memory help protect confidentiality of data in case of a failure of the memory protection unit, making it hard for the attacker to gain access to the data stored in the memory. The design is implemented and tested on the Intel (Altera) DE1-SoC board featuring a SoC FPGA that integrates a dual-core ARM processor with reconfigurable logic and hundreds of memory blocks. The experimental results and case studies show that the protection model is successful in eliminating malicious IPs from the system without need for reconfiguration of the FPGA. It prevents unauthorized accesses from untrusted IPs, while arbitrating access from trusted IPs generating legal memory requests, without incurring a serious area or latency penalty.Keywords
This publication has 15 references indexed in Scilit:
- Data Secrecy Protection Through Information Flow Tracking in Proof-Carrying Hardware IP—Part I: Framework FundamentalsIEEE Transactions on Information Forensics and Security, 2017
- Secure and Dependable NoC-Connected Systems on an FPGA ChipIEEE Transactions on Reliability, 2016
- Hardware TrojansACM Transactions on Design Automation of Electronic Systems, 2016
- A separation and protection scheme for on-chip memory blocks in FPGAsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Memory security in reconfigurable computers: Combining formal verification with monitoringPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- Configurable memory security in embedded systemsACM Transactions on Embedded Computing Systems, 2013
- Side-channel attacks on the bitstream encryption mechanism of Altera Stratix IIPublished by Association for Computing Machinery (ACM) ,2013
- Low-power and real-time address translation through arithmetic operations for virtual memory support in embedded systemsIET Computers & Digital Techniques, 2008
- Policy-Driven Memory Protection for Reconfigurable HardwareLecture Notes in Computer Science, 2006
- On the buzzword 'security policy'Published by Institute of Electrical and Electronics Engineers (IEEE) ,2002