Polydoros Petrakis

Security in MPSoCs: A NoC Firewall and an Evaluation Framework

In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics (STNoC). Simulation tests include scenarios in which legitimate and malicious processes, running in different CPUs, request access to shared memory. Our results indicate that a firewall implementation at the NI can have a positive effect on network performance by reducing both end-to-end network delay and power consumption. We also show that our coarse-grain firewall can prevent saturation of the on-chip network and performs better than fine-grain alternatives that perform rule checking at page-level. Simulation results are accompanied with field measurements performed on a Zedboard platform running Linux, whereas the NoC Firewall is implemented as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric.

Security Effectiveness and a Hardware Firewall for MPSoCs

There is a constant increase in the interest shown for trusted computing in the embedded domain. In an MPSoC each processing element such as a CPU could request accessing any physical resource of the device such as a memory or an I/O component. Along with normal requests, malevolent ones could occur produced by malware applications or processes running in one or more CPUs. A protection mechanism is required to prevent injection of malicious data across the device, e.g. Unsafe data written by a CPU into a memory address, which are read later by another CPU. A considerable amount of research has been devoted in security for MPSoCs, but limited work exists in performing protection at the source instead of the target, thus cutting-off malicious content at an early stage prior to entering the on-chip network. In the present work we focus on the side of the CPU connected to the SoC network. We are envisioning a self-contained NoC firewall, which by checking the physical address of a request to a memory-mapped device against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate applications running in a shared-memory SoC. To sustain high-performance we implemented the firewall in hardware, while rule-checking is performed at segment-level based on deny rules. To evaluate the impact of security mechanisms we developed a novel framework based on gem5, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics called Spider on STNoC. Tests include several scenarios with legitimate and malicious processes running in different CPUs requesting access to shared memory. Preliminary results show that the incorporation of a security mechanism in the network interface can have a positive effect on network performance by reducing both the end-to-end delivery time of packets, and the power consumed from unnecessary transmissions. From the network aspect, this effect is independent of the performance of implementation itself, e.g. Either a hardware or a software solution equally relieves the network from unnecessary loads. Finally, we compare the performance of our hardware approach over a simple equivalent software solution. Certainly, this comparison favours hardware by considerable margins, however we use it only as reference to illustrate the merit from implementing protection in hardware. The purpose of the present study is three-fold. First, we present the proposed hardware NoC firewall. Then we examine the effect on network transmissions from incorporating a security mechanism in the network interface, to do this we developed a novel framework. Finally, we include preliminary performance results of our NoC firewall and a simple yet indicative comparison with a software solution.

On-chip networks for mixed-criticality systems

We propose the integration of a network-on-chip-based MPSoC in mixed-criticality systems, i.e. systems running applications with different criticality levels in terms of completing their execution within predefined time limits. An MPSoC contains tiles that can be either CPUs or memories, and we connect them with an instance of a customizable point-to-point interconnect from STMicroelectronics called STNoC. We explore whether the on-chip network capacity is sufficient for meeting the deadlines of external high critical workloads, and at the same time for serving less critical workloads that are generated internally. To evaluate the on-chip network we vary its configuration parameters, such as the link-width, and the Quality-of-Service (QoS), in specific the number (1 or 2) and type (high or low priority) of virtual channels (VCs), and the relative priority of packets from different flows sharing the same VC.

Security Enhancements for building saturation-free, low-power NoC-based MPSoCs

In the future almost every consumer electronics device will be connected to an ecosystem of third-party partners providing services such as payment, streaming content, and so on. Present work aims to expose the foundations of a secure environment by ensuring security on the edge devices. MPSoCs are widely used in edge devices due to their capability to execute multiple applications in single-chips. To achieve the targeted security level against physical adversaries, all communications between the MPSoC and its environment must be protected. In an MPSoC multiple processing elements such as CPUs send requests to different on-chip memories. Network-on-chip has been proposed for MPSoC design, aiming at increasing performance and reducing power compared to on-chip buses. Tailoring the NoC to application(s) takes place usually at design-time. The selection of NoC parameter values affects both performance and power, while configuring them unwisely can result in unnecessary area overhead and chip cost. In the present work we concentrate on a commercial interconnect called STNoC from STMicroelectronics. We keep the NoC parameters fixed, and we explore the effects from the variation of other parameters, such as the injection rate of the packets transmitted by the CPUs, and the activation/deactivation of a security mechanism integrated in the network interface of the NoC, for multiple traffic scenarios with each one representing different amount of legal and malicious requests, for different mappings, and for different node setups. Experimental results, reveal the conditions under which the NoC starts experiencing saturation phenomena.

Monitoring-Aware Virtual Platform Prototype of Heterogeneous NoC-Based Multicore SoCs

We present an open SystemC-based virtual platform that fits the design flow of heterogeneous, self-adaptive shared memory-based multicore SoCs by supporting concept validation and verification of equivalent RTL models, early software development of corresponding system drivers and efficient design space exploration at an early stage of the design. We examine connectivity, functionality and interaction among its components, such as CPU, memory and NoC, and outline innovative features related to supporting system-level monitoring via time-driven and event-based shared memory primitives. As a case-study, we consider co-simulation of shared memory-based array processing using cycle-approximate ARM Cortex-A9 processor models in the presence of application load balancing and best-effort memory bandwidth sharing, e.g. arising from a service-level agreement. Besides improving performance (10% to 23%), we quantify the very low intrusiveness of the shared-memory and processor (load balancing) monitoring probes, together they contribute less than 0.005% to the total execution time.

Non-intrusive NoC DFS for Soft Real-Time Multimedia Applications

Multimedia applications executing on NoC-based multicore architectures demand high performance and power-efficiency. We propose a low-cost NoC DPM controller that performs dynamic frequency scaling on each NoC router by activating shared memory-based monitoring probes at different parallel application slices or using an independent sample rate. We evaluate our DFS module by running an MPEG4 transfer speed test on a cycle-accurate, monitoring-aware SystemC virtual platform of a NoC-based MPSoC. The DFS module improves power-performance characteristics over existing techniques, and has minimal intrusion, significantly less than 0.01% of the total execution time.

A firewall module resolving rules consistency

Network firewall rules are usually written by administrators or automated intrusion detection systems and often contain inconsistencies. Therefore, it is fundamental to ensure that only an absolutely correct configuration is active. In this paper, we design an open source conflict resolution framework (C application and Linux firewall kernel module on top of netfilter) that can be used as a constant independent system auditor, automatically detecting and resolving conflicts in firewall rules. Preliminary analysis from our implementation on ARM-based embedded systems examines efficiency and scalability of our framework.

Soft real-time smartphone ECG processing

Mobile health monitoring technology has the potential to bring a doctor’s office to the patient’s smartphone. In this context, we consider an end-to-end soft real-time out-ofhospital use-case that concerns transmission of patient ECG data from ST BodyGateway pulse sensor via an Android device (Patient App) to a Cloud server for ECG analysis and annotation and then to another Android device (Doctor App) for visualization. Using a prototype featuring ARMv7 technology (two Odroid-XU4s for Patient and Doctor App and one Zedboard FPGA board for server), we evaluate real-time performance and security overheads for supporting confidentiality, integrity and patient anonymity.

Address interleaving for low-cost NoCs

New generations of NoC-based platforms incorporate address interleaving, which enables balancing transactions between the memory nodes. The memory space is distributed in different nodes of the NoC, and accessed alternately by each on-chip initiator. A memory node is accessed depending on the transaction request address through a memory map. Interleaving can allow for efficient use of NoC bandwidth and congestion reduction, and we study whether its gains scale over system size. In this work we concentrate on an instance of a customizable point-to-point interconnect from STMicroelectronics called STNoC. We first evaluate a setup with 4 CPU initiators and 4 memories, and show that interleaving relieves the NoC from congestion and permits higher packet injection rates. We also show that this depends on the number of packets sent per transaction by an initiator prior to changing destination memory node; this is called interleaving step. We then enriched the setup with several DMA engines, which is in accordance with industry roadmap. We experimented with MPSoCs having up to 32-nodes and for various link-widths of the STNoC. When link-width was 32 Bytes, the aggregate throughput gain from address interleaving was 20.8%, but when we set it 8 Bytes the throughput gain reached 69.64%. This implies silicon savings in SoCs, as it is not always necessary to configure NoCs with wide link-widths.