Antonis Papagrigoriou

Security in MPSoCs: A NoC Firewall and an Evaluation Framework

In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics (STNoC). Simulation tests include scenarios in which legitimate and malicious processes, running in different CPUs, request access to shared memory. Our results indicate that a firewall implementation at the NI can have a positive effect on network performance by reducing both end-to-end network delay and power consumption. We also show that our coarse-grain firewall can prevent saturation of the on-chip network and performs better than fine-grain alternatives that perform rule checking at page-level. Simulation results are accompanied with field measurements performed on a Zedboard platform running Linux, whereas the NoC Firewall is implemented as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric.

Security Effectiveness and a Hardware Firewall for MPSoCs

There is a constant increase in the interest shown for trusted computing in the embedded domain. In an MPSoC each processing element such as a CPU could request accessing any physical resource of the device such as a memory or an I/O component. Along with normal requests, malevolent ones could occur produced by malware applications or processes running in one or more CPUs. A protection mechanism is required to prevent injection of malicious data across the device, e.g. Unsafe data written by a CPU into a memory address, which are read later by another CPU. A considerable amount of research has been devoted in security for MPSoCs, but limited work exists in performing protection at the source instead of the target, thus cutting-off malicious content at an early stage prior to entering the on-chip network. In the present work we focus on the side of the CPU connected to the SoC network. We are envisioning a self-contained NoC firewall, which by checking the physical address of a request to a memory-mapped device against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate applications running in a shared-memory SoC. To sustain high-performance we implemented the firewall in hardware, while rule-checking is performed at segment-level based on deny rules. To evaluate the impact of security mechanisms we developed a novel framework based on gem5, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics called Spider on STNoC. Tests include several scenarios with legitimate and malicious processes running in different CPUs requesting access to shared memory. Preliminary results show that the incorporation of a security mechanism in the network interface can have a positive effect on network performance by reducing both the end-to-end delivery time of packets, and the power consumed from unnecessary transmissions. From the network aspect, this effect is independent of the performance of implementation itself, e.g. Either a hardware or a software solution equally relieves the network from unnecessary loads. Finally, we compare the performance of our hardware approach over a simple equivalent software solution. Certainly, this comparison favours hardware by considerable margins, however we use it only as reference to illustrate the merit from implementing protection in hardware. The purpose of the present study is three-fold. First, we present the proposed hardware NoC firewall. Then we examine the effect on network transmissions from incorporating a security mechanism in the network interface, to do this we developed a novel framework. Finally, we include preliminary performance results of our NoC firewall and a simple yet indicative comparison with a software solution.

Hardware Support for Cost-Effective System-Level Protection in Multi-core SoCs

The increasing adoption of multi-core Systems-on-Chip (SoC) in critical systems has turned security into an important design requirement. In addition to making a SoC tamper-resistant by embedding cryptographic solutions, in order to make a system robust, we need to control the level of access to the critical functions and capabilities. We propose a hardware protection architecture to enhance a traditional SoC platform in terms of protection. These hardware enhancements focus on isolating physical memory compartments by applying access rules, thus we allow dynamic security policies to be enforced at the hardware for protection against untrustworthy hardware or software components. We present and analyze an implementation of a prototype that allows sixteen concurrently active protection domains at a system cost of less that three percent and negligible operational overhead.

On-chip networks for mixed-criticality systems

We propose the integration of a network-on-chip-based MPSoC in mixed-criticality systems, i.e. systems running applications with different criticality levels in terms of completing their execution within predefined time limits. An MPSoC contains tiles that can be either CPUs or memories, and we connect them with an instance of a customizable point-to-point interconnect from STMicroelectronics called STNoC. We explore whether the on-chip network capacity is sufficient for meeting the deadlines of external high critical workloads, and at the same time for serving less critical workloads that are generated internally. To evaluate the on-chip network we vary its configuration parameters, such as the link-width, and the Quality-of-Service (QoS), in specific the number (1 or 2) and type (high or low priority) of virtual channels (VCs), and the relative priority of packets from different flows sharing the same VC.

Monitoring-Aware Virtual Platform Prototype of Heterogeneous NoC-Based Multicore SoCs

We present an open SystemC-based virtual platform that fits the design flow of heterogeneous, self-adaptive shared memory-based multicore SoCs by supporting concept validation and verification of equivalent RTL models, early software development of corresponding system drivers and efficient design space exploration at an early stage of the design. We examine connectivity, functionality and interaction among its components, such as CPU, memory and NoC, and outline innovative features related to supporting system-level monitoring via time-driven and event-based shared memory primitives. As a case-study, we consider co-simulation of shared memory-based array processing using cycle-approximate ARM Cortex-A9 processor models in the presence of application load balancing and best-effort memory bandwidth sharing, e.g. arising from a service-level agreement. Besides improving performance (10% to 23%), we quantify the very low intrusiveness of the shared-memory and processor (load balancing) monitoring probes, together they contribute less than 0.005% to the total execution time.

Non-intrusive NoC DFS for Soft Real-Time Multimedia Applications

Multimedia applications executing on NoC-based multicore architectures demand high performance and power-efficiency. We propose a low-cost NoC DPM controller that performs dynamic frequency scaling on each NoC router by activating shared memory-based monitoring probes at different parallel application slices or using an independent sample rate. We evaluate our DFS module by running an MPEG4 transfer speed test on a cycle-accurate, monitoring-aware SystemC virtual platform of a NoC-based MPSoC. The DFS module improves power-performance characteristics over existing techniques, and has minimal intrusion, significantly less than 0.01% of the total execution time.

A firewall module resolving rules consistency

Network firewall rules are usually written by administrators or automated intrusion detection systems and often contain inconsistencies. Therefore, it is fundamental to ensure that only an absolutely correct configuration is active. In this paper, we design an open source conflict resolution framework (C application and Linux firewall kernel module on top of netfilter) that can be used as a constant independent system auditor, automatically detecting and resolving conflicts in firewall rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.

Soft real-time smartphone ECG processing

Mobile health monitoring technology has the potential to bring a doctor’s office to the patient’s smartphone. In this context, we consider an end-to-end soft real-time out-ofhospital use-case that concerns transmission of patient ECG data from ST BodyGateway pulse sensor via an Android device (Patient App) to a Cloud server for ECG analysis and annotation and then to another Android device (Doctor App) for visualization. Using a prototype featuring ARMv7 technology (two Odroid-XU4s for Patient and Doctor App and one Zedboard FPGA board for server), we evaluate real-time performance and security overheads for supporting confidentiality, integrity and patient anonymity.