Marius Strum

NoC-Based Protection for SoC Time-Driven Attacks

Systems-on-chip (SoCs) based on many core architectures can be attacked. Malicious processes can infer secrets from on-chip sensible traffic by evaluating the degradation on their communication performance. Such a threat rises from the resource sharing. In order to avoid such time-driven attacks, the network-on-chip (NoC) can integrate mechanisms to isolate different communication flows. In this letter, we propose two mechanisms, random arbitration and adaptive routing, that dynamically allocate the SoC resources to avoid such attacks. We compare our approach to the unique previous work under several traffic conditions. We demonstrate that our mechanisms are effective to protect the SoC while increasing the overall performance.

A multi-objective approach for multi-application NoC mapping

Current SoC design trends are characterized by the integration of larger amount of IPs targeting a wide range of application fields. Such multi-application systems are constrained by a set of requirements. In such scenario network-on-chips (NoC) are becoming more important as the on-chip communication structure. Designing an optimal NoC for satisfying the requirements of each individual application requires the specification of a large set of configuration parameters leading to a wide solution space. It has been shown that IP mapping is one of the most critical parameters in NoC design, strongly influencing the SoC performance. IP mapping has been solved for single application systems. In this paper we propose the use of a multi-objective adaptive immune algorithm (M2AIA), an evolutionary approach to solve the multi-application NoC mapping problem. Latency and power consumption were adopted as the target multi-objective functions. To compare the efficiency of our approach, our results are compared with those of the genetic and branch-and-bound multi-objective mapping algorithms. We tested algorithm on several SoC applications.

QoSS hierarchical NoC-based architecture for MPSoC dynamic protection

As electronic systems are pervading our lives, MPSoC (multiprocessor system-on-chip) security is becoming an important requirement. MPSoCs are able to support multiple applications on the same chip. The challenge is to provide MPSoC security that makes possible a trustworthy system that meets the performance and security requirements of all the applications. The network-on-chip (NoC) can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (quality of security service) to overcome present MPSoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. QoSS takes advantage of the NoC wide system visibility and critical role in enabling system operation, exploiting the NoC components to detect and prevent a wide range of attacks. In this paper, we present the implementation of a layered dynamic security NoC architecture that integrates agile and dynamic security firewalls in order to detect attacks based on different security rules. We evaluate the effectiveness of our approach over several MPSoCs scenarios and estimate their impact on the overall performance. We show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of different security policies for several MPSoC applications.

Elastic security zones for NoC-based 3D-MPSoCs

3D-MPSoCs integrate cores of several vendors and support different applications on a single die, providing large performance and cost reduction. 3D-technology presents many security challenges and offers new opportunities to implement protection countermeasures. 3D-NoCs can be explored to assist the overall security of the system. In this work, we propose a 3D-NoC hardware architecture able to protect the 3D-MPSoCs against software attacks. Dynamic firewalls create elastic security zones by wrapping a set of components according to a trust policy, guaranteeing the protection and efficient execution of all applications. We compare our approach with several 3D-protection proposals and we show that our mechanism performs a fast detection of attacks, decreases the cost of security in terms of power and provides a high level of security.

Comparing two testbench methods for hierarchical functional verification of a bluetooth baseband adaptor

The continuous improvement on the design methodologies and processes has made possible the creation of huge and very complex digital systems. Design verification is one of the main tasks in the design flow, aiming to certify the system functionality has been accomplished accordingly to the specification. A simulation based technique known as functional verification has been followed by the industry. In recent years, several articles in functional verification have been presented, focusing either on specific design verification experiments or on methods to improve and accelerate coverage reaching. In the first category, the majority of the papers are aimed to processors verification, while communication systems experiences were not such commonly reported. In the second category, different authors have proposed methodologies, which need an extensive and complex work by the verification engineer on tuning the acceleration algorithms to the specific design. In the present paper, we present a functional verification methodology applied to a Bluetooth Baseband adaptor core, described in SystemC RTL. Two techniques are considered, one following the traditional framework of applying random stimuli and checking functional coverage aspects; in the second one, a simple acceleration procedure, based on redundant stimuli filtering, is included. For both solutions, a hierarchical approach is adopted. We present several results comparing both solutions, showing the gain obtained in using the acceleration technique. Additionally, we show how results on a real testbench application environment correlate to the hierarchical verification approach taken.

Burst-Mode Asynchronous Controllers on FPGA

FPGAs have been mainly used to design synchronous circuits. Asynchronous design on FPGAs is difficult because the resulting circuit may suffer from hazard problems. We propose a method that implements a popular class of asynchronous circuits, known as burst mode, on FPGAs based on look-up table architectures. We present two conditions that, if satisfied, guarantee essential hazard-free implementation on any LUT-based FPGA. By doing that, besides all the intrinsic advantages of asynchronous over synchronous circuits, they also take advantage of the shorter design time and lower cost associated with FPGA designs.

Formal equivalence checking between high-level and RTL hardware designs

Digital applications complexity makes it harder every day to discover and debug behavioral inconsistencies at register transfer level (RTL). Aiming to bring a solution, several techniques have appeared as alternatives to verify that a circuit description meets the requirements of its corresponding functional specification. Simulation is widely applied due to its convenience to uncover early design bugs, but is far from providing the exhaustiveness acquired through formal methods, for which improved and new tools continue to appear. On the other hand, formal verification can suffer from problems such as state-space explosion or modeling inaccuracy. Then, it is vital to develop new ways to check a design for consistency fast and comprehensively. In this paper, we propose a sequential equivalence checking (SEC) formalism and an algorithm, for use between a specification, written at electronic system level (ESL), and an implementation, written at RTL. Given that equivalence is checked between different levels of abstraction, it is no longer valid to perform SEC on single states, thus, we show a scheme to extract and compare complete sequences of states in order to determine if the design intention, which is described in the ESL specification, is contained and respected by the RTL implementation. The results obtained suggest that our methodology can be applied efficiently on real designs.

Dynamic NoC-based architecture for MPSoC security implementation

MPSoCs have been proposed as a promising architecture choice to overcome the challenging embedded electronics requirements, characterized by tights development times and fast evolution of applications. The MPSoC flexibility, also represents a system vulnerability. As security requirements vary dramatically for different applications, the challenge is to provide MPSoC security that allows a trustworthy system that meets all the security requirements of such applications. NoC has become an attractive alternative to support the MPSoC communication requirements. Our work proposes the implementation of dynamic security architecture to overcome present MPSoC vulnerabilities. We integrate agile and dynamic security firewalls into the NoC in order to detect attacks based on different security rules. We evaluate the effectiveness of our approach over several MPSoCs scenarios and estimate their impact on the overall performance. We show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of the different security policies for several MPSoC applications.

A Multi-objective Adaptive Immune Algorithm for NoC mapping

Designing an optimal NoC for a particular application requires the specification of a large set of configuration parameters leading to a wide solution space. It has been shown that IP mapping is one of the most critical parameters in NoC design, strongly influencing the SoC performance. IP mapping has been solved using single and multi-objective optimization algorithms. In this paper we propose the use of a multi-objective adaptive immune algorithm (MAIA), an evolutionary approach to solve the NoC mapping problem. Latency and power consumption were adopted as the target multi-objective functions. To compare the efficiency of our approach, our results were compared with those of the genetic and branch-and-bound multi-objective mapping algorithms. We tested 4 well-known benchmarks and 2 real SoC applications (MPEG-4 decoder and VOPD). The experimental results showed that the MAIA improves power consumption and latency respectively in almost 58% and 57% compared to the branch-and-bound approach and 40% and 50% compared to genetic approach.

Security-enhanced 3D communication structure for dynamic 3D-MPSoCs protection

Three-dimension Multiprocessors System-on-Chip (3D-MPSoCs) hold promises to allow the development of compact and efficient devices. By means of such technology, multiple applications are supported on the same chip, which can be mapped dynamically during the execution time. This flexibility offered by the 3D technology, also represents vulnerability, turning the 3D-MPSoC security into a challenging task. 3D communication structures (3D-HoCs), which combine buses and network-on-chip can be used to efficiently overcome the present 3D-MPSoC vulnerabilities. 3D-HoCs can be used to implement different security services, monitor the data exchange and isolate dangerous IPs. In this paper, we implement Quality of Security Service (QoSS) in 3D-HoC to efficiently detect and prevent attacks by means of agile and dynamic security firewalls. Such a method takes advantage of the 3D-HoC wide system visibility and critical role in enabling system operation. We evaluate the effectiveness of our approach over several 3D-MPSoCs attack scenarios and estimate their impact on the overall performance. Results show that our architecture can perform a fast detection of a wide range of attacks and a fast configuration of the different security policies.