QoSS Hierarchical NoC-Based Architecture for MPSoC Dynamic Protection

As electronic systems are pervading our lives, MPSoC (multiprocessor system-on-chip) security is becoming an important requirement. MPSoCs are able to support multiple applications on the same chip. The challenge is to provide MPSoC security that makes possible a trustworthy system that meets the performance and security requirements of all the applications. The network-on-chip (NoC) can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (quality of security service) to overcome present MPSoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. QoSS takes advantage of the NoC wide system visibility and critical role in enabling system operation, exploiting the NoC components to detect and prevent a wide range of attacks. In this paper, we present the implementation of a layered dynamic security NoC architecture that integrates agile and dynamic security firewalls in order to detect attacks based on different security rules. We evaluate the effectiveness of our approach over several MPSoCs scenarios and estimate their impact on the overall performance. We show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of different security policies for several MPSoC applications

Selected papers from the symposium on integrated circuits and systems design (SBCCI 2011)

1 Dipartimento di Ingegneria dell'Informazione, Universita Politecnica delle Marche, Via Brecce Bianche, Ancona, Italy 2 Centro de Engenharia Eletrica e Informatica, Universidade Federal de Campina Grande, Brazil 3 Institute for Information Processing Technology (ITIV), Karlsruhe Institute of Technology (KIT), 76131 Karlsruhe, Germany 4Centro de Informatica, Universidade Federal da Paraiba, Joao Pessoa, Brazi

A comprehensive approach to MPSoC security: achieving network-on-chip security : a hierarchical, multi-agent approach

Multiprocessor Systems-on-Chip (MPSoCs) are pervading our lives, acquiring ever increasing relevance in a large number of applications, including even safety-critical ones. MPSoCs, are becoming increasingly complex and heterogeneous; the Networks on Chip (NoC paradigm has been introduced to support scalable on-chip communication, and (in some cases) even with reconfigurability support. The increased complexity as well as the networking approach in turn make security aspects more critical. In this work we propose and implement a hierarchical multi-agent approach providing solutions to secure NoC based MPSoCs at different levels of design. We develop a flexible, scalable and modular structure that integrates protection of different elements in the MPSoC (e.g. memory, processors) from different attack scenarios. Rather than focusing on protection strategies specifically devised for an individual attack or a particular core, this work aims at providing a comprehensive, system-level protection strategy: this constitutes its main methodological contribution. We prove feasibility of the concepts via prototype realization in FPGA technology

Design and Programming Methods for Reconfigurable Multi-Core Architectures using a Network-on-Chip-Centric Approach

A current trend in the semiconductor industry is the use of Multi-Processor Systems-on-Chip (MPSoCs) for a wide variety of applications such as image processing, automotive, multimedia, and robotic systems. Most applications gain performance advantages by executing parallel tasks on multiple processors due to the inherent parallelism. Moreover, heterogeneous structures provide high performance/energy efficiency, since application-specific processing elements (PEs) can be exploited. The increasing number of heterogeneous PEs leads to challenging communication requirements. To overcome this challenge, Networks-on-Chip (NoCs) have emerged as scalable on-chip interconnect. Nevertheless, NoCs have to deal with many design parameters such as virtual channels, routing algorithms and buffering techniques to fulfill the system requirements. This thesis highly contributes to the state-of-the-art of FPGA-based MPSoCs and NoCs. In the following, the three major contributions are introduced. As a first major contribution, a novel router concept is presented that efficiently utilizes communication times by performing sequences of arithmetic operations on the data that is transferred. The internal input buffers of the routers are exchanged with processing units that are capable of executing operations. Two different architectures of such processing units are presented. The first architecture provides multiply and accumulate operations which are often used in signal processing applications. The second architecture introduced as Application-Specific Instruction Set Routers (ASIRs) contains a processing unit capable of executing any operation and hence, it is not limited to multiply and accumulate operations. An internal processing core located in ASIRs can be developed in C/C++ using high-level synthesis. The second major contribution comprises application and performance explorations of the novel router concept. Models that approximate the achievable speedup and the end-to-end latency of ASIRs are derived and discussed to show the benefits in terms of performance. Furthermore, two applications using an ASIR-based MPSoC are implemented and evaluated on a Xilinx Zynq SoC. The first application is an image processing algorithm consisting of a Sobel filter, an RGB-to-Grayscale conversion, and a threshold operation. The second application is a system that helps visually impaired people by navigating them through unknown indoor environments. A Light Detection and Ranging (LIDAR) sensor scans the environment, while Inertial Measurement Units (IMUs) measure the orientation of the user to generate an audio signal that makes the distance as well as the orientation of obstacles audible. This application consists of multiple parallel tasks that are mapped to an ASIR-based MPSoC. Both applications show the performance advantages of ASIRs compared to a conventional NoC-based MPSoC. Furthermore, dynamic partial reconfiguration in terms of relocation and security aspects are investigated. The third major contribution refers to development and programming methodologies of NoC-based MPSoCs. A software-defined approach is presented that combines the design and programming of heterogeneous MPSoCs. In addition, a Kahn-Process-Network (KPN) –based model is designed to describe parallel applications for MPSoCs using ASIRs. The KPN-based model is extended to support not only the mapping of tasks to NoC-based MPSoCs but also the mapping to ASIR-based MPSoCs. A static mapping methodology is presented that assigns tasks to ASIRs and processors for a given KPN-model. The impact of external hardware components such as sensors, actuators and accelerators connected to the processors is also discussed which makes the approach of high interest for embedded systems

1987 Session Fiscal Report, 1987

This Report is intended to provide interested persons with information on General Fund and non-General Fund appropriations, receipts, and legislation that has a significant fiscal impact on the State of Iowa. Included in this Report is the following information: appropriations summary; General Fund balance sheet; balance sheets for various other funds; and bill summaries for subcommittee and other miscellaneous appropriation acts. Also included are the final action versions of the Fiscal Notes issued during the Legislative Session for all enacted legislation with a fiscal impact of $100,000 or more

Design of NoC-Based communication structure that implements Quality and Security services

Os atuais sistemas eletrônicos desenvolvidos na forma de SoCs (Sistemas-sobre-Silício) são caracterizados pelo incremento de informação crítica que é capturada, armazenada e processada. Com a introdução dos SoCs nos sistemas distribuídos que promovem o compartilhamento dos recursos, a segurança vem se transformando num requisito de projeto extremamente importante. Os atuais SoCs são alvo de ataques. O desafio consiste em projetar um SoC seguro que satisfaça os requisitos de segurança e desempenho, próprios para cada aplicação. A estrutura de comunicação está se tornando o coração do SoC. Esta possui um impacto significativo no desempenho do sistema. A inclusão de serviços de segurança na estrutura de comunicação é vantajosa devido à sua capacidade de: 1) monitorar a informação transmitida; 2) detectar violações; 3) bloquear ataques; e 4) fornecer informações para diagnóstico e ativação de mecanismos de recuperação e defesa. O presente trabalho propõe a implementação do conceito de QoSS (Qualidade do Serviço de Segurança) no projeto da estrutura de comunicação baseada em redes intrachip (NoCs, Network-on-Chip). QoSS permite a inclusão da segurança como uma dimensão de QoS (Quality-of-Sevice), admitindo a existência de diferentes níveis de proteção. A adoção do QoSS no projeto das NoCs permite a exploração do espaço de projeto das NoCs levando em consideração o compromisso entre a segurança do sistema e o desempenho do sistema. A inclusão do QoSS na NoC é realizada através de uma metodologia que inclui 5 etapas: definição, descrição, implementação, avaliação e otimização. Como resultado é obtido um conjunto de NoCsQoSS que satisfazem os requisitos de segurança e desempenho do sistema. Criamos neste trabalho o ambiente de simulação APOLLO que fornece suporte na rápida exploração do espaço de soluções a partir de modelos SystemC-TLM do SoC. Neste trabalho, apresentamos três estudos de caso que utilizam a nossa metodologia de projeto de NoCs com QoSS na implementação de políticas de segurança estática e dinâmica. Os serviços de segurança de controle de acesso e autenticação foram implementados de duas formas: na interface da rede e no roteador. Realizamos a avaliação da eficácia e eficiência das NoCs resultantes sob diferentes condições de ataques e de tráfego, resultado da variação topológica do tráfego, natureza e tipo de tráfego. Mostramos que a implementação da segurança no roteador é mais eficiente que a implementação na interface da rede em termos de latência e potência sob todas as diferentes condições de tráfego. Porém, a utilização na interface permite a inclusão das características da segurança na NoC de uma maneira mais simples. Desta forma para sistemas complexos a implementação na interface é vantajosa.As embedded electronic systems are pervading our lives, security is emerging as an extremely important design requirement. Due to the increasing complexity, intrinsic embedded constraints and strict requirements, security and performance are considered challenging tasks. Most of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access sensitive data and perform several critical functions without security guarantee. The challenge is to provide SoC security that allows a trustworthy system that meets the security and performance requirements. As security requirements vary dramatically for different applications, differentiated security services are necessary. The SoC communication structure is becoming the heart of the SoC. It has a significant impact on the overall system performance. The security services integration at the communication structure take advantage of its wide system visibility and critical role in enabling the system operation. It is able to: 1) monitor data transfer; 2) detect attacks; 3) block attacks; and 4) supply information for trigger suitable recovery mechanisms. This work proposes the implementation of the QoSS (Quality-of-Security-Service) concept at the NoC-based communication structure design. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In contrast with previous works, the different security levels deployment allow a best trade-of the system security and performance requirements. The QoSS integration is carried out trough a 5 step methodology: definition, description, implementation, evaluation and optimization. As a result a set of NoCs-QoSS that satisfies the security and performance requirements are obtained. We use the framework APOLLO that integrates a set of tools, allowing the fast exploration of the huge NoC design space. In this work we present 2 study cases that uses our methodology in order to design a NoC-QoSS that supports static and a dynamic security policies and also satisfies the security and performance requirements. Two security services: Access Control and authentication are implemented at the NoC interface and at the NoC router. The final configurations are evaluated under different traffic and attack conditions. We show that the security implementation at the router is latency and power consumption efficient that the implementation at the network interface under all the traffic conditions. However, the security implementation at the network interface allows the integration of the security characteristics in a simpler way