Software-defined hardware-assisted isolation for trusted next-generation IoT systems
- 25 April 2022
- conference paper
- Published by Association for Computing Machinery (ACM) in Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing
Abstract
To mitigate cybersecurity threats at the edge of the network in Internet-of-Things (IoT) domains, the use of networking technologies such as SDN-NFV has recently been proposed. Intelligent and dynamic security policy enforcement methodologies become increasingly important to bring more caution to network communications for IoT services and applications, which naturally embed traditional security and privacy risks such as service hijacking, DDoS attacks, denial of service, IP spoofing, and man-in-the-middle. To extend such frameworks, in this work we present a software-defined, protection-oriented hardware technique to support physical isolation of memory compartments and of hardware devices such as DMAs and accelerators inside modern Systems-on-Chip (SoCs), not only at the edge but also in high-end, accelerator-rich IoT devices. In addition to network functions commonly supported in software-defined environments, we describe innovative lightweight software-controlled hardware mechanisms for enhancing IoT ecosystem security by design.
Funding Information
- EU/H2020 (869986)