Software-defined hardware-assisted isolation for trusted next-generation IoT systems

Abstract
To mitigate cybersecurity threats at the edge of the network in Internet-of-Things (IoT) domains, the use of networking technologies such as SDN-NFV has recently been proposed. Intelligent and dynamic security policy enforcement methodologies are becoming increasingly important to bring more caution to network communications for IoT services and applications, which naturally embed traditional security and privacy risks such as service hijacking, DDoS attacks, denial of service, IP spoofing, and man-in-the-middle. To extend such frameworks, in this work we present a software-defined, protection-oriented hardware technique to support physical isolation of memory compartments and of hardware devices such as DMAs and accelerators inside modern Systems-on-Chip (SoCs), not only at the edge but also in high-end, accelerator-rich IoT devices. In addition to the network functions commonly supported in software-defined environments, we describe innovative lightweight software-controlled hardware mechanisms for enhancing IoT ecosystem security by design.
Funding Information
  • EU/H2020 (869986)

This publication has 23 references indexed in Scilit: