André Seffrin

Bil: A tool-chain for bitstream reverse-engineering

This paper performs an investigation into the security of Xilinx FPGA bitstreams, introducing a tool-chain for reversing bitstreams back to their device-specific netlists. Bitstream reversal is performed by querying a database containing the mapping of bitstream bits to their related configurable FPGA resources and a secondary database describing the FPGA structure. The mapping database is created by applying an algorithm that correlates binary bitstream data with data extracted from a corresponding netlist. The resource database is derived from a textual device description which can be obtained from the Xilinx design flow. The method can successfully reverse certain sections of the bitstream, although complete bitstream reversal remains infeasible for the time being. The presented tool-chain, the Bitfile Interpretation Library (BIL), improves on previous attempts at bitstream reverse engineering. It is made available as open source for further development.

Cellular-Array Implementations of Bio-inspired Self-healing Systems: State of the Art and Future Perspectives

This survey aims to give an overview of bio-inspired systems which employ cellular arrays in order to achieve redundancy and self-healing capabilities. In spite of numerous publications in this particular field, only a few fundamentally different architectures exist. After a general introduction to research concerning bio-inspired systems, we describe these fundamental system types and evaluate their advantages and disadvantages. In addition, we identify areas of interest for future research.

State space optimization within the DEVS model of computation for timing efficiency

This paper presents a state optimization approach within the Discrete Event System Specification Model of Computation. The goal of state optimization is to significantly soften the timing requirements of the model when transformed to a hardware implementation. The algorithm presented relocates the behaviour of zero-timeout states into adjacent states. Thus, the resulting model has much better timing properties, which considerably increase the amount of suitable target hardware architectures. The feasibility of the approach is demonstrated by means of a complex Digital Visual Interface controller application example.

Minimal physical resource allocation of pi-calculus schedules to dynamically reconfigurable platforms

Dynamic partial reconfiguration enables the reconfiguration of hardware devices at run-time, which saves resources, but introduces additional design complexity. Various methods exist for the specification of reconfiguration schedules, which are either too simple for the description of complex processes, or are inherently difficult to verify. We employ a variant of the π-calculus for modelling dynamic partial reconfiguration. The π-calculus is a process algebra originally constructed for modelling communicating systems, but can be repurposed as a scheduling method for dynamic partial reconfiguration on FPGA devices. In order to apply this type of scheduling for the design of hardware systems, it has to be determined how to allocate the scheduled tasks on the device. By use of a verification tool for the π-calculus, constraints can be extracted from a given system specification. These constraints form the basis to derive the placement of the reconfigurable areas in an automatic fashion.

Constraint-driven automatic generation of interconnect for partially reconfigurable architectures (abstract only)

Dynamic partial reconfiguration allows the exchange of hardware configurations on FPGAs at run-time. Within a reconfigurable system that supports several different modules, resource requirements for interconnect between these modules may be considerably high. Enabling communication via a crossbar may require too many resources. State-of-the-art modelling methods for partial dynamic reconfiguration already support the fine-grained description of interaction between the partial modules. We propose both an online and an offline method for automatically generating interconnect according to such communication constraints, aiming at a low resource usage. The online algorithm determines an appropriate port assignment for the partial modules by means of a greedy approach and exploits port overlaps. The offline algorithm employs simulated annealing in order to find a proper port assignment and also incorporates the scheme for exploiting port overlaps. Constraint-generated interconnect requires significantly less resources than a crossbar, even if only a random port assignment is used. Proper port assignment by the online method reduces these requirements by an additional 10%, and using the offline method reduces them by an additional 30% on average. Online port assignment is faster than the offline method by several orders of magnitude. The interconnect generation tool introduced in this work takes textual input of communication constraints and automatically generates a corresponding hardware description in VHDL.

Ensuring Secure Information Flow in Partially Reconfigurable Architectures by Means of Process Algebra Analysis

Field-programmable gate arrays (FPGAs) provide a means to massively parallelize computations. In order to make more efficient use of FPGA devices, the method of partial dynamic reconfiguration can be applied: By means of this approach, the FPGA configuration is updated at run-time so that the device can feature new functionality. If multiple stakeholders make use of the same device, it has to be ensured that confidential information cannot be leaked between these parties. Therefore, all feasible hazards of illicit information flow need to be taken into account. In this work, partial dynamic reconfiguration is scheduled using the \picalc, a process algebra. Within the presented framework, a variant of the \picalc is employed to activate and deactivate partial modules and to rearrange their interconnect. The modules employed by different stakeholders use ports for communication, for which valid targets of information flow can be defined. By means of formal verification, it is evaluated whether the information flow between functional units of the stakeholders proceeds according to the specification. Using a set of analysis rules, an associated tool can verify whether a given reconfiguration schedule ensures secure information flow.

Hardware-accelerated execution of Pi-calculus reconfiguration schedules

The π-calculus is a process algebra originally designed for modelling communicating systems. In this work, it is applied to the design of schedules for partial dynamic reconfiguration, which denote when modules become active and which channels they use for communication. While the execution of the π-calculus in software is possible, a direct execution in hardware is desirable for two reasons: Firstly, direct hardware execution removes the requirement to use a softcore processor. As will be shown in this paper, π-calculus processes only have a tiny hardware footprint. Secondly, the π-calculus is inherently concurrent, and its execution on dedicated hardware can thus be greatly accelerated. This can be used in order to speed up the simulation of schedules. The acceleration of π-calculus simulation may have applications in other fields, since the π-calculus has been used for modelling systems in a wide range of disciplines, for instance in computational biology. The paper shows how π-calculus primitives can be translated into corresponding hardware modules. Since this is difficult to do manually, a tool was created which automatically maps complete processes into synthesizable VHDL code.

A novel design flow for tamper-resistant self-healing properties of FPGA devices without configuration readback capability

Self-healing systems can restore their original functionality by use of run-time self-reconfiguration, a feature supplied by state of the art FPGA devices. Commonly, integrity checks are performed by reading back the device configuration and validating its hash value. Systems which are prone to tampering and piracy of intellectual property may disable configuration readback, which renders this method infeasible. We propose to secure systems by use of test vectors, requiring a certain system input sequence to always generate the same system output. The presented security mechanism is hard to tamper with and does not interfere with normal system operation. Although the required hardware overhead may be high in general, we show that the overhead can be kept relatively low if the method is applied only to select parts of the system, without any detrimental effect to the level of security that our mechanism provides. The mechanism is introduced into VHDL code using an automatic process. This approach to self-test and self-healing has been implemented on a Xilinx Virtex-5 device.