Lightweight reconfiguration security services for AXI-based MPSoCs

International audienceNowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one

Bitstreams Repository Hierarchy for FPGA Partially Reconfigurable Systems

In this paper we present a hierarchy of bitstreams repositories for FPGA-based networked and partially reconfigurable systems. These systems target embedded systems with very scarce hardware resources taking advantage of dynamic, specific and optimized architectures. Based on FPGA integrated circuits, they require a single FPGA with a network controller and less external memories to store reconfiguration software, bitstreams and buffer pools used by today's standard communication protocols. Our measures, based on a real implementation, show that our repository hierarchy is functional and can download bitstreams with a reconfiguration speed ten times faster than known solutions

La Translation du quatrième Livre des Énéides de Virgile

LES QUATRE PRE-miers livres des Énéides du très élégant poète Virgile, Tra-duits de Latin en prose Fran-çaise, par madame Hélisenne,À LA TRADUCTION DESQUELS Y A PLURA-LITÉ DE PROPOS, QUI PAR MANIÈRE DE PHRASE Ysont ajoutés : ce que beaucoup sert à l’élucidation etdécoration desdits Livres, dirigés au très illu-stre et très auguste Prince François pre-mier de ce nom invictissime Roide France.De Crenne.Avec Privilège.On les vend à Paris, en la Rue neuve notre Dame à l’ensei-gne saint Jean Bapti..

La Translation du quatrième Livre des Énéides de Virgile

LES QUATRE PRE-miers livres des Énéides du très élégant poète Virgile, Tra-duits de Latin en prose Fran-çaise, par madame Hélisenne,À LA TRADUCTION DESQUELS Y A PLURA-LITÉ DE PROPOS, QUI PAR MANIÈRE DE PHRASE Ysont ajoutés : ce que beaucoup sert à l’élucidation etdécoration desdits Livres, dirigés au très illu-stre et très auguste Prince François pre-mier de ce nom invictissime Roide France.De Crenne.Avec Privilège.On les vend à Paris, en la Rue neuve notre Dame à l’ensei-gne saint Jean Bapti..

Bus-based MPSoC security through communication protection: A latency-efficient alternative

International audienceSecurity in MPSoC is gaining an increasing attention since several years. Digital convergence is one of the numerous reasons explaining such a focus on embedded systems as much sensitive and secret data are now stored, manipulated and exchanged in these systems. Most solutions are currently built at the software level; we believe hardware enhancements also play a major role in system protection. One strategic point is the communication layer as all data goes through it. Monitoring and controlling communications enable to fend off attacks before system corruption. In this work, we propose an efficient solution with several hardware enhancements to secure data exchanges in a bus-based MPSoC. Our approach relies on low complexity distributed firewalls connected to all critical IPs of the system. Designers can deploy different security policies (access right, data format, authentication, confidentiality) in order to protect the system in a flexible way. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts

Reconfigurable Data Planes for Scalable Network Virtualization

Abstract—Network virtualization presents a powerful approach to share physical network infrastructure among multiple virtual networks. Recent advances in network virtualization advocate the use of field-programmable gate arrays (FPGAs) as flexible high performance alternatives to conventional host virtualization techniques. However, the limited on-chip logic and memory resources in FPGAs severely restrict the scalability of the virtualization platform and necessitate the implementation of efficient forwarding structures in hardware. The research described in this manuscript explores the implementation of a scalable heterogeneous network virtualization platform which integrates virtual data planes implemented in FPGAs with software data planes created using host virtualization techniques. The system exploits data plane heterogeneity to cater to the dynamic service requirements of virtual networks by migrating networks between software and hardware data planes. We demonstrate data plane migration as an effective technique to limit the impact of traffic on unmodified data planes during FPGA reconfiguration. Our system implements forwarding tables in a shared fashion using inexpensive off-chip memories and supports both Internet Protocol (IP) and non-IP based data planes. Experimental results show that FPGA-based data planes can offer two orders of magnitude better throughput than their software counterparts and FPGA reconfiguration can facilitate data plane customization within 12 seconds. An integrated system that supports up to 15 virtual networks has been validated on the NetFPGA platform

A Measurement of the Tau Hadronic Branching Ratios

The exclusive and semi-exclusive branching ratios of the tau lepton hadronic decay modes (h- v_t, h- pi0 v_t, h- pi0 pi0 v_t, h- \geq 2pi0 v_t, h- \geq 3pi0 v_t, 2h- h+ v_t, 2h- h+ pi0 v_t, 2h- h+ \geq 2pi0 v_t, 3h- 2h+ v_t and 3h- 2h+ \geq 1pi0 v_t) were measured with data from the DELPHI detector at LEP.Comment: 53 pages, 18 figures, Accepted by Eur. Phys. J.

Sécurité Haut-débit pour les Systèmes Embarqués à base de FPGAs

" [...] Then, we will build TV and radio like jewelry. TV in pockets, big as flashlights. No need to buy newspapers, we will connect ourselves to news, political, fashion, or sports programs. Or even to a crossword puzzle solver. And the street will present a singular spectacle. " R. Barjavel, " The eye of tomorrow ", 1947. French Scifi writer Renée Barjavel predicts in the late 40's the advent of what we know as smartphones. Funny scene, in fact, to see people into walking the streets, eyes fixed on the object in the palm of their hand. For better or for worse, the advent of networking has globally made embedded systems ubiquitous in our daily lives. Now in the cloud, the number of personal information in transit is huge and transfer speeds are still more important and require adequate security. However, the associated cost is generally economically deterrent. Offering ad-hoc security approaches for systems with such limited resources is the purpose of our work. Based on old and new techniques, we show that the pair embedded-security can be tuned, and avoid, an inevitable divorce." [...] Puis, l'on ferra des récepteurs de télévision bijoux, comme il y a des postes de TSF bijoux. Des postes de poches, grands comme une lampe électrique. Plus besoin d'acheter un journal, l'on se branchera sur l'émission d'information, ou sur l'éditorial politique, ou sur la chronique de mode, ou sur le compte rendu sportif. Voir même sur un problème de mots croisés. Et la rue présentera un singulier spectacle. " R. Barjavel, " La télévision, oeil de demain ", 1947. C'est ainsi que l'auteur de romans de science fiction et d'anticipation René Barjavel, avait prédit dés la fin des années 40 l'avènement de ce que nous connaissons sous le nom de smartphones. Drôle de scène, en effet, que de voir des individus déambuler dans les rues, les yeux rivés sur l'objet au creux de leur main. Pour le meilleur et pour le pire, l'avènement de la mise en réseau à l'échelle mondiale a rendu les systèmes embarqués omniprésents dans notre quotidien. Désormais dans le nuage, le nombre d'information personnel en transit et les vitesses de transfert toujours plus importants, imposent une sécurité adéquate. Cependant, le coût en général associé est économiquement dissuasif. Proposer des solutions de sécurité ad-hoc pour ces systèmes restreints en ressources, est le propos de nos travaux. S'appuyant sur des techniques à la fois anciennes et récentes, nous montrons que le couple embarqué/sécurité peut s'accorder, et éviter ainsi, une inévitable procédure de divorce

Distributed security for communications and memories in a multiprocessor architecture

International audienceThe need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Thus it becomes mandatory to deal with security issues all along the design cycle of the MPSoC in order to guarantee a global protection. Among the critical points, the protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes a solution with distributed enhancements to secure data exchanges and to monitor communications within a MPSoC. In order to validate our contribution, a case study based on a generic multiprocessor architecture is considered

Carte réduite des Mers du Nord

1 Map