Security in MPSoCs: A NoC Firewall and an Evaluation Framework

Grammatikakis, Miltos D.; Papadimitriou, Kyprianos; Petrakis, Polydoros; Papagrigoriou, Antonis; Kornaros, George; Christoforakis, Ioannis; Tomoutzoglou, Othon; Tsamis, George; Coppola, Marcello

doi:10.1109/tcad.2015.2448684

Cited by 35 publications

(16 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The concept of DoS in the NoC context was introduced in [7]. Subsequently, approaches with different mitigation strategies for these kinds of attacks have been proposed [7][8][9][10][11][12][13][14][15][16][17][18]. Such approaches can be categorized in two main classes: DoS Avoidance and DoS detection and recovery.…”

Section: Literature Reviewmentioning

confidence: 99%

“…However, this approach utilizes source-routing, which imposes considerable overhead to the packet size. In [17], Grammatikakis et al target distributed DoS attacks via a firewall in control of configurable access rules in the network interface. The security risk is evaluated by the product of frequency and magnitude of losses (by dropping the packets at the Network Interface).…”

Section: Dos Attack Detection and Recoverymentioning

confidence: 99%

See 1 more Smart Citation

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

Chaves

Azad

Hollstein

et al. 2019

JLPEA

View full text Add to dashboard Cite

Denial of Service (DoS) attacks are an increasing threat for Multiprocessor System-on-Chip (MPSoC) architectures. By exploiting the shared resources on the chip, an attacker is able to prevent completion or degrade the performance of a task. This is extremely dangerous for MPSoCs used in critical applications. The Network-on-Chip (NoC), as a central MPSoC infrastructure, is exposed to this attack. In order to maintain communication availability, NoCs should be enhanced with an effective and precise attack detection mechanism that allows the triggering of effective attack mitigation mechanisms. Previous research works demonstrate DoS attacks on NoCs and propose detection methods being implemented in NoC routers. These countermeasures typically led to a significantly increased router complexity and to a high degradation of the MPSoC’s performance. To this end, we present two contributions. First, we provide an analysis of information that helps to narrow down the location of the attacker in the MPSoC, achieving up to a 69% search space reduction for locating the attacker. Second, we propose a low cost mechanism for detecting the location and direction of the interference, by enhancing the communication packet structure and placing communication degradation monitors in the NoC routers. Our experiments show that our NoC router architecture detects single-source DoS attacks and determines, with high precision, the location and direction of the collision, while incurring a low area and power overhead.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Dos Attack Detection and Recoverymentioning

confidence: 99%

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

Chaves

Azad

Hollstein

et al. 2019

JLPEA

View full text Add to dashboard Cite

show abstract

“…Wassel et al extended this work [26] and proposed a partitioning mechanism through packet scheduling to pass packets between different domains with lower latency. Grammatikakis et al [27] have proposed a self-contained NoC firewall within the network interface by validating the memory requests against the predefined set of rules. Hu et al [28] have also presented a similar solution by incorporating access rules verification and authentication mechanism for certain regions of the memory units.…”

Section: Related Workmentioning

confidence: 99%

“…In contrast, our proposed security solution does not require modifications in the processor or memory architecture, operates independently without any help from software side and bears minimal performance overhead for NoC-based systems [31]. Security mechanisms for NoC-based multi-core systems (such as [22,24,[27][28][29] have only been designed specifically for shared-memory architectures and provide protection to memory units only whereas our proposed solution can be used to isolate any processing block ranging from memory controllers to other I/O peripherals. Similarly, the hardware-based security solutions, as discussed by Yan et al [11], are based on disabling some unreliable processing cores when sensitive applications are running.…”

Section: Related Workmentioning

confidence: 99%

Hardware-Assisted Secure Communication in Embedded and Multi-Core Computing Systems

2018

View full text Add to dashboard Cite

With the sharp rise of functionalities and connectivities in multi-core embedded systems, these systems have become notably vulnerable to security attacks. Conventional software security mechanisms fail to deliver full safety and also affect the system performance significantly. In this paper, a hardware-based security procedure is proposed to handle critical information in real-time through comprehensive separation without needing any help from the software. To evaluate the proposed system, an authentication system based on an image procession solution has been implemented on a reconfigurable device. In addition, the proposed security mechanism is evaluated for the Networks-on-chips, where minimal area, power consumption and performance overheads are achieved.

show abstract

“…In several cases this makes the resource-limited STNoC incapable of serving the traffic, which eventually experiences saturation phenomena leading to enormous delays. The experiments were carried out using our gem5-based framework enhanced with a security mechanism placed at the network interface of NoC [1], [2]. This allowed us to explore the implications from enabling security for different parameters.…”

Section: Introductionmentioning

confidence: 99%

Security Enhancements for building saturation-free, low-power NoC-based MPSoCs

Papadimitriou

Petrakis

Grammatikakis

et al. 2015

2015 IEEE Conference on Communications and Network Security (CNS)

Self Cite

View full text Add to dashboard Cite

In the future almost every consumer electronics device will be connected to an ecosystem of third-party partners providing services such as payment, streaming content, and so on. Present work aims to expose the foundations of a secure environment by ensuring security on the edge devices. MPSoCs are widely used in edge devices due to their capability to execute multiple applications in single-chips. To achieve the targeted security level against physical adversaries, all communications between the MPSoC and its environment must be protected. In an MPSoC multiple processing elements such as CPUs send requests to different on-chip memories. Network-on-chip has been proposed for MPSoC design, aiming at increasing performance and reducing power compared to on-chip buses. Tailoring the NoC to application(s) takes place usually at designtime. The selection of NoC parameter values affects both performance and power, while configuring them unwisely can result in unnecessary area overhead and chip cost. In the present work we concentrate on a commercial interconnect called STNoC from STMicroelectronics. We keep the NoC parameters fixed, and we explore the effects from the variation of other parameters, such as the injection rate of the packets transmitted by the CPUs, and the activation/deactivation of a security mechanism integrated in the network interface of the NoC, for multiple traffic scenarios with each one representing different amount of legal and malicious requests, for different mappings, and for different node setups. Experimental results, reveal the conditions under which the NoC starts experiencing saturation phenomena.

show abstract

Security in MPSoCs: A NoC Firewall and an Evaluation Framework

Cited by 35 publications

References 15 publications

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

Hardware-Assisted Secure Communication in Embedded and Multi-Core Computing Systems

Security Enhancements for building saturation-free, low-power NoC-based MPSoCs

Contact Info

Product

Resources

About