120 research outputs found
Towards Runtime Customizable Trusted Execution Environment on FPGA-SoC
Processing sensitive data and deploying well-designed Intellectual Property (IP) cores on remote Field Programmable Gate Arrays (FPGAs) are prone to private data leakage and IP theft. One effective solution is constructing a Trusted Execution Environment (TEE) on FPGA-SoCs (FPGA Systems on Chip). Researchers have integrated this type of TEE with Trusted Platform Module (TPM)-based trusted boot, denoted as FPGA-SoC tbTEE. But there has been no effort on secure and trusted runtime customization of FPGA-SoC TEE. This paper extends FPGA-SoC tbTEE to build a Runtime Customizable TEE (RCTEE) on FPGA-SoC by adding three major components (our work): 1) CrloadIP, which can load an IP core at runtime such that RCTEE can be adjusted dynamically and securely; 2) CexecIP, which can not only execute an IP core without modifying the operating system of FPGA-SoC TEE, but also prevent insider attacks from executing IPs deployed in RCTEE; 3) CremoAT, which can provide the newly measured RCTEE state and establish a secure and trusted communication path between remote verifiers and RCTEE. We conduct a security analysis of RCTEE and evaluate its performance on a Xilinx Zynq UltraScale+ XCZU15EG 2FFVB1156 MPSoC.
A TrustZone-assisted hypervisor supporting dynamic partial reconfiguration
Master's dissertation in Industrial Electronics and Computer Engineering
Traditionally, embedded systems were dedicated single-purpose systems characterised by hardware resource constraints and real-time requirements. However, with the growing computing abilities and resources of general purpose platforms, systems that were formerly divided to provide different functions are now merging into one System on Chip. One of the solutions that allows the coexistence of heterogeneous environments on the same hardware platform is virtualization technology, usually in the form of a hypervisor that manages different instances of OSes and arbitrates their execution and resource usage according to the chosen policy.
ARM TrustZone has been one of the technologies used to implement a virtualization solution with low overhead and low footprint. µRTZVisor - a TrustZone-assisted hypervisor with a microkernel-like architecture - is a bare-metal embedded hypervisor that relies on TrustZone hardware to provide the foundation to implement strong spatial and temporal isolation between multiple guest OSes.
The use of Partial Reconfiguration allows the designer to define partially reconfigurable regions in the FPGA and reconfigure them during runtime. This allows the system to have its functionalities changed during runtime using Dynamic Partial Reconfiguration (DPR), without needing to reconfigure the whole FPGA. This is a major advantage, as it decreases the configuration overhead: partial bitstreams are smaller than full bitstreams and the reconfiguration time is shorter. Another advantage is reducing the need for larger logic areas and consequently reducing power consumption.
Therefore, a hypervisor that supports DPR brings benefits to the system. Aside from better FPGA resource usage, another improvement it brings is that when critical hardware modules misbehave, the hardware module can be replaced. It also enables controlling and changing hardware accelerators dynamically, which can be used to meet the guest OSes' requests for hardware resources as the need appears. The purpose of this thesis is to extend µRTZVisor with a DPR mechanism.
Traditionally, embedded systems were systems dedicated to a single task and limited only by their real-time and hardware requirements. However, as general-purpose platforms have ever more resources and processing capacity, many of the systems that used to run separately have moved onto a single system on one platform using virtualization technology, normally in the form of a hypervisor that is able to manage multiple operating systems, arbitrating their execution and access to the platform's resources according to a predefined policy.
ARM's TrustZone technology has been one of the solutions implemented without a large impact on the performance of the operating systems. µRTZVisor is one of the TrustZone-based hypervisors that implements spatial and temporal isolation between multiple operating systems, differing from others in that it has a microkernel architecture.
The use of Dynamic Partial Reconfiguration (DPR) allows the designer to define several reconfigurable regions in the FPGA that can be dynamically reconfigured at runtime. This is a great advantage, because it reduces the reconfiguration times of reconfigurable modules, since their bitstreams are smaller than bitstreams for the whole platform. The technology also means that FPGAs do not need such large logic areas, which also reduces the platform's energy consumption.
A hypervisor that supports DPR brings great benefits to the system, namely better use of FPGA resources, implementation of dynamically reconfigurable hardware accelerators, and handling of hardware faults. If there are modules showing unexpected behaviour, they can be reconfigured. The use of reconfigurable accelerators allows the hardware to be adapted according to the different operating systems' need for it. The proposal of this dissertation is therefore to extend µRTZVisor to be able to use modules reconfigurable through DPR.
A TrustZone-assisted secure silicon on a co-design framework
Master's dissertation in Industrial Electronics and Computer Engineering
Embedded systems were for a long time single-purpose, closed systems, characterized by hardware resource constraints and real-time requirements. Nowadays, their functionality is ever-growing, coupled with increasing complexity and heterogeneity. Embedded applications increasingly demand the employment of general-purpose operating systems (GPOSs) to handle operator interfaces and general-purpose computing tasks, while simultaneously ensuring strict timing requirements. Virtualization, which enables multiple operating systems (OSs) to run on top of the same hardware platform, is gaining momentum in the embedded systems arena, driven by the growing interest in consolidating and isolating multiple and heterogeneous environments. The penalties incurred by classic virtualization approaches are pushing research towards hardware-assisted solutions. Among the existing commercial off-the-shelf (COTS) technologies for virtualization, ARM TrustZone technology is gaining momentum due to the supremacy and lower cost of TrustZone-enabled processors.
Programmable system-on-chips (SoCs) are becoming leading players in the embedded systems space, because the combination of a plethora of hard resources with programmable logic enables the efficient implementation of systems that perfectly fit the heterogeneous nature of embedded applications. Moreover, novel disruptive approaches make use of field-programmable gate array (FPGA) technology to enhance virtualization mechanisms.
This master's thesis proposes a hardware-software co-design framework that makes addressing the requirements of the new generation of embedded systems more economical. ARM TrustZone is exploited to implement the root of trust of a virtualization-based architecture that allows the execution of a GPOS side by side with a real-time OS (RTOS). RTOS services were offloaded to hardware so that the system presents simultaneous improvements in performance and determinism. Instead of focusing on a concrete application, the goal is to provide a complete framework, specifically tailored for Zynq-based devices, that developers can use to accelerate a range of distinct applications across different embedded industries.
Embedded systems were, for many years, systems with a simple and single purpose, characterized by limited hardware resources and a real-time nature. Nowadays, the number of functionalities is beginning to scale, as are the degrees of complexity and heterogeneity. Embedded applications increasingly demand the use of general-purpose operating systems (GPOSs) to handle graphical interfaces and general-purpose computing tasks. However, their primary real-time requirements remain. Virtualization allows several operating systems to run on the same hardware platform. Driven by the growing interest in consolidating and isolating multiple and heterogeneous environments, virtualization has gained increasing relevance in the embedded systems domain. The adversities arising from classical virtualization approaches are directing studies towards hardware-assisted solutions. Among the existing commercial technologies, ARM TrustZone is gaining much relevance due to the supremacy and lower cost of the processors that support it.
Hybrid platforms, which combine processors with programmable logic, are increasingly penetrating the embedded systems domain because they provide an enormous set of resources that perfectly fit the heterogeneous nature of current systems. Furthermore, there are recent solutions that make use of FPGA technology to improve virtualization mechanisms.
This dissertation proposes a hardware-software based framework to meet the requirements of the new generation of embedded systems. TrustZone technology is exploited to implement an architecture that allows the execution of a GPOS side by side with a real-time operating system (RTOS). The services provided by the RTOS are migrated to hardware, to improve the OS's performance and determinism. Instead of focusing on a concrete application, the objective is to provide a framework specifically tailored to devices based on Zynq System-on-Chips, which developers can use to accelerate a vast number of distinct applications in different sectors.
Trusted execution environments leveraging reconfigurable FPGA technology
Compartmentalization techniques like Trusted Execution Environments (TEEs) are a well-established security strategy to provide increased integrity and confidentiality for applications, from the edge to the cloud. TEEs are used to protect sensitive data and run security-critical applications in secure execution environments, isolated from the rest of the system. Notwithstanding, over the last few years, TEEs have been proven weak, as both TEEs built upon security-oriented hardware extensions (Arm TrustZone, Intel SGX) and those resorting to dedicated secure elements have been exploited multiple times. We present and discuss a novel TEE design that leverages reconfigurable FPGA technology. The main novelty lies in leveraging the programmable logic (PL) to create secure enclaves by instantiating a customized and dedicated security processor per application on a per-need basis. Unlike other TEE designs, our approach can provide high-bandwidth connections and physical on-chip isolation. We present a proof-of-concept (PoC) implementation targeting a Xilinx Zynq UltraScale+ based platform and detail how our design is interoperable with existing TEE stacks and compliant with the GlobalPlatform specification. To demonstrate the practicability of our approach in real-world applications, we run a legacy open-source bitcoin wallet.
This work has been supported by FCT - Fundação para a Ciência e Tecnologia (FCT) within the R&D Units Project Scope UIDB/00319/2020 and grant SFRH/BD/145209/2019.
VOSYSmonitor, a Low Latency Monitor Layer for Mixed-Criticality Systems on ARMv8-A
With the emergence of multicore embedded Systems on Chip (SoCs), the integration of several applications with different levels of criticality on the same platform is becoming increasingly popular. These platforms, known as mixed-criticality systems, need to meet numerous requirements such as real-time constraints, Operating System (OS) scheduling, and memory and OS isolation.
To construct mixed-criticality systems, various solutions based on virtualization extensions have been presented, where OSes are contained in a Virtual Machine (VM) through the use of a hypervisor. However, such implementations usually lack hardware features to ensure full isolation of other bus masters (e.g., Direct Memory Access (DMA) peripherals, Graphics Processing Units (GPUs)) between OSes. Furthermore, in multicore implementations, one core is usually dedicated to one OS, causing CPU underutilization.
To address these issues, this paper presents VOSYSmonitor, a multi-core software layer which allows the co-execution of a safety-critical Real-Time Operating System (RTOS) and a non-critical General Purpose Operating System (GPOS) on the same ARMv8-A hardware platform.
VOSYSmonitor's main differentiating factor from the known solutions is the possibility for a processor to switch between secure and non-secure code execution at runtime. The partitioning is ensured by the ARM TrustZone technology, thus preserving the use of virtualization features for the GPOS.
The VOSYSmonitor architecture is detailed in this paper, and its performance is benchmarked against other known solutions.
Arm TrustZone: evaluating the diversity of the memory subsystem
Master's dissertation in Industrial Electronics and Computer Engineering
The diversification of the embedded market has led the once single-purpose built embedded device to become a broader concept that can accommodate more general-purpose solutions, by widening its hardware and software resources. A huge diversity in system resources and requirements has boosted the investigation around virtualization technology, which is becoming prevalent in the embedded systems domain, allowing temporal and spatial sharing of hardware and software resources between specialized subsystems. As the strict timing demands imposed on real-time virtualized systems must be met, coupled with a small margin for the penalties incurred by conventional software-based virtualization, resorting to hardware-assisted solutions has become indispensable.
Although a security-oriented rather than a virtualization technology, Arm TrustZone is seen by many as a reliable hardware-based virtualization alternative, with the low cost and wide availability of TrustZone-enabled processors standing as strong arguments for its acceptance. But since TrustZone only dictates the hardware infrastructure foundations, providing SoC designers with a range of components that can fulfil specific functions, several key components and subsystems of this technology are implementation defined. This approach may hinder a system designer's work, as it may impair the portability of system software and make it a lot more complicated.
As such, this thesis proposes to examine how different manufacturers choose to work with the TrustZone architecture, and how the changes introduced by this technology may affect the security and performance of TrustZone-assisted virtualization solutions, in order to scale back those major constraints. It identifies the main properties that impact the creation and execution of system software and points to what may be the most beneficial approaches for developing and using TrustZone-assisted hardware and software.
The recent metamorphosis in the embedded systems field has transformed these devices, once conceived with a single and simple purpose, into an agglomeration of subsystems ready to integrate more flexible solutions. This increase in system resources and requirements has driven research into virtualization solutions for them, allowing simultaneous sharing of hardware and software resources among the various subsystems. The proliferation of these solutions in this domain, where execution times have to be respected and security is a key point, has led to the adoption of hardware-assisted virtualization techniques.
One technology that has been used for this purpose is Arm TrustZone, despite having initially been developed as a protection technology, given its greater presence in mid- and low-cost boards compared to other technologies. Unfortunately, since TrustZone only provides base guidelines on which manufacturers can build their systems, the technology's specifications diverge from manufacturer to manufacturer, or even between products from the same origin. Combined with the general scarcity of information about this technology, this characteristic can bring problems for the creation and portability of system software that depends on it.
As such, this thesis proposes to examine, in a systematized way, how different manufacturers choose to implement systems based on the TrustZone architecture and to what extent the changes introduced by this technology can affect the security and performance of virtualization solutions based on it. The main characteristics that can influence the creation and execution of system software are identified, along with potential measures to reduce their impact, as well as good practices to follow in the development and use of TrustZone-based software and hardware.
- …