Designing secure systems on reconfigurable hardware

Huffmire, Ted; Brotherton, Brett; Callegari, Nicholas; Valamehr, Jonathan; White, Jeff; Kastner, Ryan; Sherwood, Timothy

doi:10.1145/1367045.1367053

Cited by 22 publications

(14 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next was the networked cryptographic authentication system [Huffmire et al 2008]. As previously discussed, this design contains two μBlaze processors connected to a shared onboard peripheral bus with an integrated reference monitor to regulate access to the shared memory and peripherals.…”

Section: Quantitative Analysis Of the Inspection Methodsmentioning

confidence: 99%

“…We have been motivating our discussion so far with the example of a networked cryptographic authentication system to send/receive encrypted data from the Internet using local authentication [Huffmire et al 2008]. In general, cryptographic systems contain sensitive data (both the encrypted data and the cryptographic keys) that must be protected.…”

Section: Motivating Examplesmentioning

confidence: 99%

“…These cores are all implemented using a single FPGA. Further details about this system can be found in Huffmire et al [2008], and in Section 4.3.1. Each of three cores · 10: 3 requires access to off-chip memory to store and retrieve data.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security Primitives for Reconfigurable Hardware-Based Systems

Huffmire

Levin

Nguyen

et al. 2010

ACM Trans. Reconfigurable Technol. Syst.

Self Cite

View full text Add to dashboard Cite

Computing systems designed using reconfigurable hardware are increasingly composed using a number of different Intellectual Property (IP) cores, which are often provided by third-party vendors that may have different levels of trust. Unlike traditional software where hardware resources are mediated using an operating system, IP cores have fine-grain control over the underlying reconfigurable hardware. To address this problem, the embedded systems community requires novel security primitives that address the realities of modern reconfigurable hardware. In this work, we propose security primitives using ideas centered around the notion of "moats and drawbridges." The primitives encompass four design properties: logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing. Each of these is a fundamental This research was funded in part by National Science Foundation Grant CNS-0524771, NSF Career Grant CCF-0448654, and the SMART Defense Scholarship for Service. Authors' addresses: T. Huffmire, T. Levin, T. Nguyen, and C. Irvine, Department of Computer Science, Naval Postgraduate School, Monterey, CA 93943; email: {tdhuffmi, televin, tdnguyen, irvine}@nps.edu; B. Brotherton, Special Technologies Laboratory, Santa Barbara, CA 93111; email: brett.brotherton@gmail.com; G. Wang, Intuit, San Diego, CA 92122; email: Gang Wang@ intuit.com; T. Sherwood, Department of Computer Science, University of California, Santa Barbara, CA 93106; email: sherwood@cs.ucsb.edu; R. Kastner, Department of Computer Science and Engineering, University of California, San Diego, La Jolla, CA 92093; email: kastner@cs.ucsd.edu. c 2010 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by a contractor or affiliate of the [U.S.] Government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or direct commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA, fax +1 (212) operation with easily understood formal properties, yet they map cleanly and efficiently to a wide variety of reconfigurable devices. We carefully quantify the required overheads of the security techniques on modern FPGA architectures across a number of different applications.

show abstract

Section: Quantitative Analysis Of the Inspection Methodsmentioning

confidence: 99%

Section: Motivating Examplesmentioning

confidence: 99%

See 1 more Smart Citation

Security Primitives for Reconfigurable Hardware-Based Systems

Huffmire

Levin

Nguyen

et al. 2010

ACM Trans. Reconfigurable Technol. Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although ideally these cores would be verified by a trusted party, cost and source code requirements can make such a development model impractical. Reliance on off-the-shelf IP modules provided by multiple vendors with different levels of trust introduces serious security concerns [10]. A moat and drawbridge model provides spatial module isolation and statically verifiable communication flow [11], but does not address modules with self-contained trojan horses.…”

Section: Existing Security Approachesmentioning

confidence: 99%

Thwarting Software Attacks on Data-Intensive Platforms with Configurable Hardware-Assisted Application Rule Enforcement

Farag

Lerner

Patterson

2011

2011 21st International Conference on Field Programmable Logic and Applications

View full text Add to dashboard Cite

Security is difficult to achieve on general-purpose computing platforms due to their complexity, excess functionality, and resource sharing. An alternative is the creation of a Tailored Trustworthy Space for the system or application class of interest. We focus on data-intensive computing systems using reconfigurable hardware to implement streaming operations, and provide security assurances that are independent of application software, middleware, or operating system integrity and correctness. All interaction between software and the dataflow hardware passes through an automatically synthesized and formally verified hardware controller incorporating enforcement and real-time monitoring of application-specific rules. Abstractions provided by the Bluespec high-level language assist in the translation of domainspecific policy rules to synthesized logic. For the cognitive radio example used, hardware-enforced policies include physical layer rules such as sanctioned spectrum usage. Policy changes cause the secure generation and transfer of a new controller-wrapped datapath hardware plug-in. Datapath dynamic block swaps and cryptographic operations are managed entirely by the hardware controller rather than software drivers. Design for performance and design for security are therefore simultaneously addressed since the datapath is configured and monitored at hardware speeds, and software has no access to datapath configurations and cryptographic keys.

show abstract

“…The reconfigurable computing area (using programmable circuits -FPGAs) are being used as a technological alternative that can easily interface with a general purpose processor keeping the performance similar to those of dedicated hardware [17,42].…”

Section: Introductionmentioning

confidence: 99%