113 research outputs found
AKER: A Design and Verification Framework for Safe andSecure SoC Access Control
Modern systems on a chip (SoCs) utilize heterogeneous architectures where
multiple IP cores have concurrent access to on-chip shared resources. In
security-critical applications, IP cores have different privilege levels for
accessing shared resources, which must be regulated by an access control
system. AKER is a design and verification framework for SoC access control.
AKER builds upon the Access Control Wrapper (ACW) -- a high performance and
easy-to-integrate hardware module that dynamically manages access to shared
resources. To build an SoC access control system, AKER distributes the ACWs
throughout the SoC, wrapping controller IP cores, and configuring the ACWs to
perform local access control. To ensure the access control system is
functioning correctly and securely, AKER provides a property-driven security
verification using MITRE common weakness enumerations. AKER verifies the SoC
access control at the IP level to ensure the absence of bugs in the
functionalities of the ACW module, at the firmware level to confirm the secure
operation of the ACW when integrated with a hardware root-of-trust (HRoT), and
at the system level to evaluate security threats due to the interactions among
shared resources. The performance, resource usage, and security of access
control systems implemented through AKER is experimentally evaluated on a
Xilinx UltraScale+ programmable SoC, it is integrated with the OpenTitan
hardware root-of-trust, and it is used to design an access control system for
the OpenPULP multicore architecture
Network Interface Design for Network-on-Chip
In the culture of globalized integrated circuit (IC, a.k.a chip) production, the use of Intellectual Property (IP) cores, computer aided design tools (CAD) and testing services from un-trusted vendors are prevalent to reduce the time to market. Unfortunately, the globalized business model potentially creates opportunities for hardware tampering and modification from adversary, and this tampering is known as hardware Trojan (HT). Network-on-chip (NoC) has emerged as an efficient on-chip communication infrastructure. In this work, the security aspects of NoC network interface (NI), one of the most critical components in NoC will be investigated and presented. Particularly, the NI design, hardware attack models and countermeasures for NI in a NoC system are explored.
An OCP compatible NI is implemented in an IBM0.18ìm CMOS technology. The synthesis results are presented and compared with existing literature. Second, comprehensive hardware attack models targeted for NI are presented from system level to circuit level. The impact of hardware Trojans on NoC functionality and performance are evaluated. Finally, a countermeasure method is proposed to address the hardware attacks in NIs
QoSS Hierarchical NoC-Based Architecture for MPSoC Dynamic Protection
As electronic systems are pervading our lives, MPSoC (multiprocessor system-on-chip) security is becoming an important requirement. MPSoCs are able to support multiple applications on the same chip. The challenge is to provide MPSoC security that makes possible a trustworthy system that meets the performance and security requirements of all the applications. The network-on-chip (NoC) can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (quality of security service) to overcome present MPSoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. QoSS takes advantage of the NoC wide system visibility and critical role in enabling system operation, exploiting the NoC components to detect and prevent a wide range of attacks. In this paper, we present the implementation of a layered dynamic security NoC architecture that integrates agile and dynamic security firewalls in order to detect attacks based on different security rules. We evaluate the effectiveness of our approach over several MPSoCs scenarios and estimate their impact on the overall performance. We show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of different security policies for several MPSoC applications
Developoing A Computer and Network Engineering Major Curriculum For Vocational High School (VHS) in Indonesia
This study aims at developing curriculum for Computer and Network Engineering major which is relevant to industrial needs.
The study employed the qualitative method. The data were collected through an in-depth interview, documentation, and focus group disscussion. The research population comprised of (1) industry practitioners from computer and network engineering industries, and (2) teachers of vocational high schools in Special Region of Yogyakarta. In this qualitative research, the one who became the instrument or tool of the research was the researcher himself. Understanding the qualitative research method and the knowledge related to the field of the research, the researcher was sure that he had sufficient knowledge both academically and technically.
The findings of this study consisted of four parts, namely (1) standard competence of Computer and Network Engineering major for vocational high school; (2) the curriculum of Computer and Network Engineering major that is currently implemented; (3) competences in the field of Computer and Network Engineering demanded by industries; and (4) the curricuulum of Computer and Network Engineering major that is appropriate for industrial needs
Prime Field ECDSA Signature Processing for Reconfigurable Embedded Systems
Growing ubiquity and safety relevance of embedded
systems strengthen the need to protect their functionality against
malicious attacks. Communication and system authentication
by digital signature schemes is a major issue in securing such
systems. This contribution presents a complete ECDSA signature
processing system over prime fields for bit lengths of up to 256
on reconfigurable hardware. By using dedicated hardware implementation,
the performance can be improved by up to two orders
of magnitude compared to microcontroller implementations. The
flexible system is tailored to serve as an autonomous subsystem
providing authentication transparent for any application. Integration
into a vehicle-to-vehicle communication system is shown
as an application example
- …