LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008 Memory Security Management for FPGA-based Embedded system Romain Vaslin, Guy Gogniat, Jean-Philippe.

Presentation transcript:

Memory Security Management for FPGA-based Embedded system

Romain Vaslin, Guy Gogniat, Jean-Philippe Diguet
Lab-STICC CNRS UMR 3192 – UBS, Lorient, France

Russell Tessier, Deepak Unnikrishnan
Reconfigurable Computing Group, UMass Amherst, USA

INTRODUCTION

Cost of security:
- Memory
- Performance
- Energy

No architectural trick to solve these issues
New way of building application relying on specific security hardware

OUTLINE

- OTP core overview
- Security memory management
- Experimental approach
- Experimental results
- Conclusion & future work


OTP core overview (1/4): OTP core principle

Main idea: use the memory access time to overlap the security computation (OTP generation and integrity checking)
- OTP generation: AES core
- Integrity checking: CRC

OTP core overview (2/4): OTP core latency

[Figure: timing diagrams (a), (b) and (c) showing data request, memory answer, OTP generation (AES), sending data to core, and the per-word xor/crc steps for data 1-4 and data 5-8 (d1 to d8).]

OTP core overview (3/4): OTP core architecture – Write request

[Figure: OTP core, write request of a cache line. Trusted zone: processor core, instruction cache, data cache, AES core, AES key, AES input, AES output, padding value, time stamp computation, time stamp memory, CRC generator, CRC memory, clear cache line. Untrusted zone: external memory, ciphered cache line. Legend: original OTP core, extended OTP core.]

OTP core overview (4/4): OTP core architecture – Read request

[Figure: OTP core, read request of a cache line. Trusted zone: processor core, instruction cache, data cache, AES core, AES key, AES input, AES output, padding value, time stamp computation, time stamp memory, XOR, CRC generator, CRC memory, validation (= ?), clear cache line. Untrusted zone: external memory, ciphered cache line. Legend: original OTP core, extended OTP core.]


Security memory management (1/4): Principle

Security management based on memory mapping of the code & data
Adapted for application running with an Operating System

[Figure: memory map with Task 1 code, Task 2 code, Task n code, OS code, R/W data, OS data, Task 1 stack, Task 2 stack, Task n stack. Legend: non protected, confidentiality, confidentiality / integrity. Shown next to uniform protection.]

Advantages:
- Reduction of security memory overhead
- Reduction of software execution losses
- Reduction of power consumption due to security

Security memory management (2/4)

[Figure: OTP core, read request of a cache line, as in OTP core overview (4/4), with two added annotations: address filtering and data filtering.]

Security memory management (3/4): Architecture – Write request

[Figure: OTP core, write request of a cache line. Trusted zone: processor core, instruction cache, data cache, AES core, AES key, AES input, Task ID, time stamp computation, time stamp memory, XOR, CRC generator, CRC memory, validation (= ?), core control, security memory mapping, clear cache line. Untrusted zone: external memory, ciphered cache line.]

Security memory management (4/4): Architecture – Read request

[Figure: OTP core, read request of a cache line. Trusted zone: processor core, instruction cache, data cache, AES core, AES key, AES input, AES output, Task ID, time stamp computation, time stamp memory, XOR, CRC generator, CRC memory, validation (= ?), core control, security memory mapping, clear cache line. Untrusted zone: external memory, ciphered cache line.]
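The write and read paths of the OTP core and the per-segment security memory mapping from the slides above, as a small software model. This is an added example, not the authors' hardware design: HMAC-SHA256 stands in for the AES core and zlib's CRC-32 for the CRC generator, and the 32-byte line size, the pad input layout (address, time stamp, task ID), the CRC being taken over the clear line, the segment table and all names are assumptions.

```python
import hashlib
import hmac
import zlib

LINE = 32  # assumed cache-line size in bytes
NONE, CONF, CONF_INTEG = "none", "confidentiality", "confidentiality+integrity"
# Constructed security memory mapping: (base, limit, policy, task ID)
SEGMENTS = [(0x0000, 0x1000, CONF, 1), (0x1000, 0x2000, CONF_INTEG, 1)]

class OtpCoreModel:
    """Trusted-zone model; ext_mem plays the untrusted external memory."""
    def __init__(self, key, segments=SEGMENTS):
        self.key, self.segments = key, segments
        self.ts = {}       # on-chip time stamp memory, per line address
        self.crc = {}      # on-chip CRC memory, per line address
        self.ext_mem = {}  # untrusted: an attacker can read and modify it

    def _policy(self, addr):
        for base, limit, policy, task_id in self.segments:
            if base <= addr < limit:
                return policy, task_id
        return NONE, 0     # unmapped addresses are left unprotected

    def _pad(self, addr, ts, task_id):
        # Stand-in for the AES core: HMAC-SHA256 over address, time stamp, task ID
        msg = addr.to_bytes(4, "big") + ts.to_bytes(4, "big") + bytes([task_id])
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:LINE]

    def write_line(self, addr, clear):
        policy, task_id = self._policy(addr)
        if policy == NONE:
            self.ext_mem[addr] = clear
            return
        self.ts[addr] = self.ts.get(addr, 0) + 1   # new time stamp, so a new pad
        pad = self._pad(addr, self.ts[addr], task_id)
        self.ext_mem[addr] = bytes(c ^ p for c, p in zip(clear, pad))
        if policy == CONF_INTEG:
            self.crc[addr] = zlib.crc32(clear)     # assumed: CRC over the clear line

    def read_line(self, addr):
        policy, task_id = self._policy(addr)
        data = self.ext_mem[addr]
        if policy == NONE:
            return data
        clear = bytes(c ^ p for c, p in
                      zip(data, self._pad(addr, self.ts[addr], task_id)))
        if policy == CONF_INTEG and zlib.crc32(clear) != self.crc[addr]:
            raise ValueError("integrity validation failed")
        return clear
```

Putting an old ciphered line back into `ext_mem` after a newer write fails validation in the confidentiality+integrity segment, because the pad is regenerated from the current time stamp; the same modification in the confidentiality-only segment is returned as altered data without any error.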


Experimental approach (1/2): Architecture & Applications

Global view of the architecture:
[Figure: NIOS 2, high resolution timer, Flash bridge, DDR SDRAM bridge, JTAG.]

4 applications running with MicroC/OS-II:
- Image processing (morphological image processing)
- Video On Demand (RS, AES, MPEG-2)
- Communication (RSd, AES, RSc)
- Multi hash (MD5, SHA-1, SHA-2)

Experimental approach (2/2): Applications partitioning

3 security levels:
- No protection
- Uniform protection (Confidentiality & integrity or confidentiality only for the whole memory)
- Programmable protection (memory segment & policy decided by the software designer)

[Table: columns App., Tasks, Mem Segs., Total mem (kB), Code / Data; rows Image, VOD, Comm, Hash.]

[Table: Applications partitioning. Column groups Confidentiality & integrity, Confidentiality, No protection, each split into code and data (kB, TS); rows Image, VOD, Comm, Hash.]


Experimental result (1/5): Area overhead

Programmable security applied has a direct impact on the size of the design

[Table: Area overhead. Column groups Uniform protection and Programmable protection, each split into NIOS II + HSC and HSC, each with ALUTs and FFs; rows Image, VOD, Comm, Hash. Annotations: ~65 % for UP, ~70% for PP; ~50 % for UP, ~45% for PP.]

Experimental result (2/5): Performances

Software performances losses compared with NP

[Table: columns No Protection, Uniform Protection, Programmable Protection (ms); rows Image, Image 2k, VOD, VOD 2k, Comm, Comm 2k, Hash, Hash 2k. Surviving entries: Comm 2k "%24.6-8%", Hash "%5.3-15%", Hash 2k "%3.7-14%". Annotations: 13.75 %, 8.75%.]

Experimental result (3/5): Memory overhead

Memory overhead is fully dependent on the designer's choice of security policy
Memory has a double cost (space & energy)

[Table: Memory overhead. Columns Uniform Protection, Programmable Protection; rows Image (kB, %), VOD (kB, %), Comm (kB, %), Hash (kB, %).]

[Figure: chart in kbytes with series TS data, CRC data, CRC code; labelled value 43.2.]

Experimental result (4/5): Energy consumption

[Figure: energy consumption for programmable protection, uniform protection and no protection. Labels: 33%, 26%, 38%, 28%; ~15% saved compared with UP; ~30% saved compared with UP.]

Experimental result (5/5): Energy consumption

[Figure: energy consumption for programmable protection, uniform protection and no protection. Labels: 58%, 42%, 33%, 42%; ~14% saved compared with UP; ~8% saved compared with UP.]


Conclusion & future work

- Security mapping can help make some savings (area, performance, memory, energy)
- Fully done in hardware, no OS modification
- Dynamic addition of new secured zone
- Download of new tasks
- Application update/patch
- Important difficulties: identification of the entity which is writing in the hardware security core