A TrustZone-assisted secure silicon on a co-design framework

Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresEmbedded systems were for a long time, single-purpose and closed systems, characterized by hardware resource constraints and real-time requirements. Nowadays, their functionality is ever-growing, coupled with an increasing complexity and heterogeneity. Embedded applications increasingly demand employment of general-purpose operating systems (GPOSs) to handle operator interfaces and general-purpose computing tasks, while simultaneously ensuring the strict timing requirements. Virtualization, which enables multiple operating systems (OSs) to run on top of the same hardware platform, is gaining momentum in the embedded systems arena, driven by the growing interest in consolidating and isolating multiple and heterogeneous environments. The penalties incurred by classic virtualization approaches is pushing research towards hardware-assisted solutions. Among the existing commercial off-the-shelf (COTS) technologies for virtualization, ARM TrustZone technology is gaining momentum due to the supremacy and lower cost of TrustZone-enabled processors. Programmable system-on-chips (SoCs) are becoming leading players in the embedded systems space, because the combination of a plethora of hard resources with programmable logic enables the efficient implementation of systems that perfectly fit the heterogeneous nature of embedded applications. Moreover, novel disruptive approaches make use of field-programmable gate array (FPGA) technology to enhance virtualization mechanisms. This master’s thesis proposes a hardware-software co-design framework for easing the economy of addressing the new generation of embedded systems requirements. ARM TrustZone is exploited to implement the root-of-trust of a virtualization-based architecture that allows the execution of a GPOS side-by-side with a real-time OS (RTOS). RTOS services were offloaded to hardware, so that it could present simultaneous improvements on performance and determinism. Instead of focusing in a concrete application, the goal is to provide a complete framework, specifically tailored for Zynq-base devices, that developers can use to accelerate a bunch of distinct applications across different embedded industries.Os sistemas embebidos foram, durante muitos anos, sistemas com um simples e único propósito, caracterizados por recursos de hardware limitados e com cariz de tempo real. Hoje em dia, o número de funcionalidades começa a escalar, assim como o grau de complexidade e heterogeneidade. As aplicações embebidas exigem cada vez mais o uso de sistemas operativos (OSs) de uso geral (GPOS) para lidar com interfaces gráficas e tarefas de computação de propósito geral. Porém, os seus requisitos primordiais de tempo real mantém-se. A virtualização permite que vários sistemas operativos sejam executados na mesma plataforma de hardware. Impulsionada pelo crescente interesse em consolidar e isolar ambientes múltiplos e heterogéneos, a virtualização tem ganho uma crescente relevância no domínio dos sistemas embebidos. As adversidades que advém das abordagens de virtualização clássicas estão a direcionar estudos no âmbito de soluções assistidas por hardware. Entre as tecnologias comerciais existentes, a tecnologia ARM TrustZone está a ganhar muita relevância devido à supremacia e ao menor custo dos processadores que suportam esta tecnologia. Plataformas hibridas, que combinam processadores com lógica programável, estão em crescente penetração no domínio dos sistemas embebidos pois, disponibilizam um enorme conjunto de recursos que se adequam perfeitamente à natureza heterogénea dos sistemas atuais. Além disso, existem soluções recentes que fazem uso da tecnologia de FPGA para melhorar os mecanismos de virtualização. Esta dissertação propõe uma framework baseada em hardware-software de modo a cumprir os requisitos da nova geração de sistemas embebidos. A tecnologia TrustZone é explorada para implementar uma arquitetura que permite a execução de um GPOS lado-a-lado com um sistemas operativo de tempo real (RTOS). Os serviços disponibilizados pelo RTOS são migrados para hardware, para melhorar o desempenho e determinismo do OS. Em vez de focar numa aplicação concreta, o objetivo é fornecer uma framework especificamente adaptada para dispositivos baseados em System-on-chips Zynq, de forma a que developers possam usar para acelerar um vasto número de aplicações distintas em diferentes setores

Trusted execution environments leveraging reconfigurable FPGA technology

Compartmentalization techniques like Trusted Execution Environments (TEEs) are a well-established security strategy to provide increasing integrity and confidentiality for applications, from the edge to the cloud. TEEs are used to protect sensitive data and run security-critical applications on secure execution environments, isolated from the rest of the system. Notwithstanding, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (Arm TrustZone, Intel SGX) or resorting to dedicated secure elements were exploited multiple times. We present and discuss a novel TEE design that leverages reconfigurable FPGA technology. The main novelty relies on leveraging the programmable logic (PL) to create secure enclaves by instantiating a customized and dedicated security processor per application on a per-need basis. Unlike other TEE designs, our approach can provide high-bandwidth connections and physical on-chip isolation. We present a proof-of-concept (PoC) implementation targeting a Xilinx Zynq Ultrascale+ based platform and we detail how our design is interoperable with existing TEE stacks and compliant with the GlobalPlatform specification. To demonstrate the practicability of our approach in real-world applications, we run a legacy open-source bitcoin wallet.This work has been supported by FCT - Fundação para a Ciência e Tecnologia (FCT) within the R&D Units Project Scope UIDB/00319/2020 and grant SFRH/BD/145209/2019

Providing trusted execution environments using FPGA

Trusted Execution Environments (TEEs) drastically reduce the trusted computing base (TCB) of the systems by providing a secure execution environment for security-critical applications that are isolated from the operating system or the hypervisor. TEEs are often assumed to be highly secure; however, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (e.g., Arm TrustZone and Intel SGX) or resorting to dedicated secure elements were exploited multiple times. In this paper, we propose a novel TEE design, named Trusted Execution Environments On-Demand (TEEOD), which leverages the re configurable logic of FPGA-SoCs to dynamically provide secure execution environments for security-critical applications. Unlike other TEE designs, ours can provide high-bandwidth connections and physical on-chip isolation while providing configurable hard ware and software TCBs. We implemented a proof-of-concept (PoC) implementation targeting an Ultra96-V2 platform. The conducted evaluation demonstrated TEEOD can host up to 6 simultaneous enclaves with a resource usage per enclave of 7.0%, 3.8%, and 15.3% of the total LUTs, FFs, and BRAMS, respectively

FATORES INSTITUCIONAIS E ORGANIZACIONAIS QUE AFETAM A GESTÃO PROFISSIONAL DE DEPARTAMENTOS DE FUTEBOL DOS CLUBES: O CASO DOS CLUBES DE FUTEBOL NO BRASIL

A prática de esportes é uma via reconhecida de inclusão social. No contexto brasileiro, dentre as práticas esportivas, o futebol exerce grande influência social e econômica. Considerando a importância dos clubes de futebol nessa equação, é relevante entender os fatores relacionados à profissionalização de sua gestão. O futebol tem desempenhado, no Brasil, papéis que vão do entretenimento popular máximo às aplicações menos nobres, como o seu emprego para benefícios pessoais dos dirigentes e para manobras políticas. Fundamentando-se na Teoria Institucional e, mais especificamente, na corrente do neo-institucionalismo (DIMAGGIO; POWELL, 1991), o estudo tem como objetivo identificar aspectos relativos ao campo organizacional do futebol que constituem obstáculos ou facilitadores do processo de profissionalização da gestão do futebol nos clubes brasileiros, por meio da melhor compreensão das relações entre os seus diferentes atores. Os resultados apontam que a necessidade de profissionalização da gestão do futebol dos clubes brasileiros é uma percepção institucionalizada, e que sua efetivação pode apresentar impactos sociais, econômicos e financeiros positivos. Entretanto, este objetivo ainda enfrenta entraves práticos arraigados nos mais de cem anos de amadorismo, conservadorismo e prática oligárquica

MAMMALS IN PORTUGAL : A data set of terrestrial, volant, and marine mammal occurrences in P ortugal

Mammals are threatened worldwide, with 26% of all species being includedin the IUCN threatened categories. This overall pattern is primarily associatedwith habitat loss or degradation, and human persecution for terrestrial mam-mals, and pollution, open net fishing, climate change, and prey depletion formarine mammals. Mammals play a key role in maintaining ecosystems func-tionality and resilience, and therefore information on their distribution is cru-cial to delineate and support conservation actions. MAMMALS INPORTUGAL is a publicly available data set compiling unpublishedgeoreferenced occurrence records of 92 terrestrial, volant, and marine mam-mals in mainland Portugal and archipelagos of the Azores and Madeira thatincludes 105,026 data entries between 1873 and 2021 (72% of the data occur-ring in 2000 and 2021). The methods used to collect the data were: live obser-vations/captures (43%), sign surveys (35%), camera trapping (16%),bioacoustics surveys (4%) and radiotracking, and inquiries that represent lessthan 1% of the records. The data set includes 13 types of records: (1) burrowsjsoil moundsjtunnel, (2) capture, (3) colony, (4) dead animaljhairjskullsjjaws, (5) genetic confirmation, (6) inquiries, (7) observation of live animal (8),observation in shelters, (9) photo trappingjvideo, (10) predators dietjpelletsjpine cones/nuts, (11) scatjtrackjditch, (12) telemetry and (13) vocalizationjecholocation. The spatial uncertainty of most records ranges between 0 and100 m (76%). Rodentia (n=31,573) has the highest number of records followedby Chiroptera (n=18,857), Carnivora (n=18,594), Lagomorpha (n=17,496),Cetartiodactyla (n=11,568) and Eulipotyphla (n=7008). The data setincludes records of species classified by the IUCN as threatened(e.g.,Oryctolagus cuniculus[n=12,159],Monachus monachus[n=1,512],andLynx pardinus[n=197]). We believe that this data set may stimulate thepublication of other European countries data sets that would certainly contrib-ute to ecology and conservation-related research, and therefore assisting onthe development of more accurate and tailored conservation managementstrategies for each species. There are no copyright restrictions; please cite thisdata paper when the data are used in publications.info:eu-repo/semantics/publishedVersio