Securing Multiprocessor Systems-on-Chip, Lecture by Dr. Biswas, National University of Singapore
Public lecture by Dr. Arnab Kumar Biswas will be hosted in D2 (up to 50 people
allowed; online streaming as well as lecture recording will be arranged - yet
for the chance to engage in the discussion after the lecture a physical presence
is required). Dr. Biswas applied for a position (Assistant Prof. or Lecturer)
with FI.
The lecture will take place 24/9 9:30am in D2, and a link for the streamed
version will be provided several days ahead.
Abstract:
Now-a-days Multiprocessor System-on-Chips (MP-SoCs) integrate
multiple processing elements into a single chip. As MP-SoCs are
pervading our lives, security issues are emerging as a serious problem
and attacks against these systems are becoming more critical and
sophisticated. New cost effective solutions have to be proposed in order
to defend against these attacks. We have designed and implemented
different hardware based solutions considering Network-on-Chip (NoC) as
the communication medium in the MP-SoC. In the presentation, I will
mainly talk about four projects that propose security solutions in
MP-SoC. In the first project, we consider a new type of attack in NoC
and propose different security solutions. NoC based high performance
MP-SoCs can have multiple secure regions or Trusted Execution
Environments (TEEs). These TEEs can be separated by non-secure regions
or Rich Execution Environments (REEs) in the same MP-SoC. In this work,
we address attacks on routing tables and propose two countermeasures -
Run-time monitor and Restart monitor. In the second project, we consider
hybrid NoCs and propose new router architectures to protect from timing
channel attacks in NoC. A hybrid NoC containing both packet and circuit
switching, can provide services to different applications. But these
different applications can be of different security levels and one
application can interfere with another application’s timing
characteristics during network transmission. Using this interference, a
malicious application can extract secret information from higher
security level flows (timing side channel) or two applications can
communicate covertly violating the system’s security policy (covert
timing channel). We propose different mechanisms to protect hybrid
routers from timing channel attacks. In the third project, we consider
timing side-channel attacks which poses a major threat to embedded
systems due to their ease of accessibility. We propose CIDPro, a
framework that relies on dynamic program diversification to mitigate
timing side-channel leakage. The proposed framework integrates the
widely used LLVM compiler infrastructure and the increasingly popular
RISC-V FPGA soft processor. In the last project, we revisit the problem
of router attack resulting from malicious configuration of
Network-on-Chip routers. A source authentication mechanism for router
configuration packets can prevent such vulnerability. This ensures that
a router is configured by the configuration packets sent only by a
trusted configuration source. Conventional methods like Secure Hash
Algorithm-3 (SHA-3) can provide required source authentication in a
router but with a huge router area overhead compared to a normal router
area. We propose eight source authentication mechanisms that can achieve
a similar level of security as SHA-3 for a router configuration
perspective without causing significant area and power increase. Most of
our proposed techniques use different timing channel watermarking
methods to transfer source authentication data to the receiver router.