Presentation is loading. Please wait.

Presentation is loading. Please wait.

ASAP 2017 - The 28th Annual IEEE International Conference on Application-specific Systems, Architectures and Processors July 10th-12th 2017, Seattle, WA,

Published byPhilippa Baldwin Modified over 6 years ago

Similar presentations

Presentation on theme: "ASAP 2017 - The 28th Annual IEEE International Conference on Application-specific Systems, Architectures and Processors July 10th-12th 2017, Seattle, WA,"— Presentation transcript:

1 ASAP The 28th Annual IEEE International Conference on Application-specific Systems, Architectures and Processors July 10th-12th 2017, Seattle, WA, USA DoSGuard: Protecting Pipelined MPSoCs Against Hardware Trojan Based DoS Attacks Amin Malekpour, Roshan Ragel, Aleksandar Ignjatovic, and Sri Parameswaran School of Computer Science and Engineering University of New South Wales, Sydney, Australia

2 Outline Introduction Related Work Proposed Architecture
Comparison with State of the Art

3 Introduction Hardware Trojans (HTs) - malicious modifications to ICs
ICs vulnerabilities to HT: Economic pressure Design outsourcing Reliance on IPs Unverified design automation tools HT free components - arduous task #efforts to reduce time to market##Ensuring components are free #even the best detection techniques are not able to detect all the malicious modifications

4 Functional/Data Modification Denial of Service (DOS)
Introduction Table 1: hardware Trojan Taxonomy Logic Type Physical Layout Location Abstraction Insertion Triggering Mechanism Payload Sequential Large Processor System Specification Always on Information Leakage Combinational Small Memory RTL Design Internally Functional/Data Modification Hybrid Augmented I/O Logic Fabrication Externally Denial of Service (DOS) Clustered Power Supply Transistor Testing Distributed Clock Grid Physical Assembly #efforts to reduce time to market##Ensuring components are free #even the best detection techniques are not able to detect all the malicious modifications

5 Introduction Most researches - detecting an HT or preventing its activation No guarantee - detection or prevention Solution - methods for safely operating in HT presence DoSGuard contributions: DoS attack detection Identification and isolation Fast recovery Therefore We must pursue methods for safely operating in Trojan presence assuming they will be active within our system #A simple system-level #A mechanism to limit data leakage and make the leaked data less usable by an adversary is proposed#

6 Related Work Most of the techniques presented here….
Table 2: Effectiveness of the Different Techniques Technique Detection Identification Recovery Bloom09 [6] Beaumont12 [4] Cui14 [8] Rajendaran16 [16] Most of the techniques presented here…. Data leakage is the chalenging part

7 Architecture Stream programming - parallelism of many-core architectures Applications – Network processing, Multimedia, and DSP Processor Pipelines – Improve throughput and performance Pipelined MPSoC Architecture paradigm for exploiting the parallelism of many-core architectures Processor pipelines are used to improve throughput and performance of streaming applications

8 Architecture - PMPSoC Color Conversion Motion Estimation Motion Compensation TQE Inverse TQ Write Back # an PMPSoC with 6 stages running H.264 application is presented here. Each stage of the pipeline is responsible for a particular task. For instance the first stage is responsible for …TQE: Transform Quantize Encode Pipelined MPSoC Architecture Running H.264 Application

9 #cores in the sleeping pool are clock gated.
Architecture – DoSGuard V1 V3 V2 V1 V2 V3 V1 V3 V1 V3 V2 Sleeping Pool Untrusted Pool V3 V2 V1 Monitor Cores TMR V3 V2 V1 #cores in the sleeping pool are clock gated. # We use the read/write delay of the pipeline buffers to detect DoS attacks caused by hardware Trojans # delays in the buffers immediately preceding and succeeding the processor # When a core is under DoS attack, its input buffer would be full, and/or its output buffer would be empty as the affected core will not be reading from, or/and writing to its buffers. V3 V2 V1 V3 V2 V1

10 Architecture – RwD Sleeping Pool Untrusted Pool Monitor Cores TMR

11 Architecture – RaD Sleeping Pool Untrusted Pool Testing Monitor Cores TMR # an PMPSoC with 6 stages running H.264 application is presented here. Each stage of the pipeline is responsible for a particular task. For instance the first stage is responsible for …TQE: Transform Quantize Encode

12 Results Throughput vs. # of Attacks and Monitoring Interval for H.264
Failed Failed Failed Throughput vs. # of Attacks and Monitoring Interval for H.264 Throughput for Different Benchmarks

13 Comparison - Related Work
Table 3: Effectiveness of the Different Techniques Technique Detection Identification Recovery Bloom09 [6] Beaumont12 [4] Cui14 [8] Rajendaran16 [16] DoSGuard - RaD DoSGuard - RwD

14 Comparison with State of the Art
J. Rajendran, O. Sinanoglu, and R. Karri. “Building trustworthy systems using untrusted components: A high-level synthesis approach”, IEEE Transactions on VLSI Systems, 2016. Base System – M cores, 2 cores per each stage Table 5: Hardware Trojan Infected Cores Identification Table 4: Hardware Trojan Attacks Detection Technique # of Cores Dyn. Power Sta. Power State of the Art 3M PD*(3M) PS*(3M) DoSGuard - RaD 1.5M + 3 PD*(M+3) PS*(1.5M+3) Technique # of Cores Dyn. Power Sta. Power State of the Art 2M PD*(2M) PS*(2M) DoSGuard M + 3 PD*(M+3) PS*(M+3) Using duplication and diversity techniques to detect hardware Trojan that affect the output of the system or deny service For identification of the Trojan infected cores, proposed to triplicate the number of cores (TMR) PMPSoC with state of the art will have …… PMPSoC with Trojan guard will have …..

15 Attack Scenarios - DoS attacks
PMPSoC - failure of one stage - failure of the entire system Monitoring System - TMR !!!! Input - True/False Signals + Buffer Delays Time bomb Trojans – Resetting the Cores TMR TMR TMR TMR Therefore we argue that it is unlikely for Ht to get triggered in …. Monitors are scheduler TMR

16 Summary DoSGuard: Detect, Identify, and Recover – DoS attacks Fewer number of cores, Less power, No throughput reduction In comparison to the other thechniques trojanguard will do these by fewer

17 Thank You! I would be glad to see you at poster presentation for more discussion on Trojanguard

Download ppt "ASAP 2017 - The 28th Annual IEEE International Conference on Application-specific Systems, Architectures and Processors July 10th-12th 2017, Seattle, WA,"

Similar presentations

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.

Tamper Evident Microprocessors Adam Waksman Simha Sethumadhavan Computer Architecture & Security Technologies Lab (CASTL) Department of Computer Science.
Critical Software Security Through Replication and Virtualization A Research Proposal Dennis Edwards Sharon Simmons Arangamanikkannan Manickam.

Critical Software Security Through Replication and Virtualization A Research Proposal Dennis Edwards Sharon Simmons Arangamanikkannan Manickam.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, Java Version, Third Edition.

Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, Java Version, Third Edition.
Feng-Xiang Huang A Low-Cost SOC Debug Platform Based on On-Chip Test Architectures.

Feng-Xiang Huang A Low-Cost SOC Debug Platform Based on On-Chip Test Architectures.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.

An Integrated Framework for Dependable Revivable Architectures Using Multi-core Processors Weiding Shi, Hsien-Hsin S. Lee, Laura Falk, and Mrinmoy Ghosh.
A Flexible Parallel Architecture Adapted to Block-Matching Motion-Estimation Algorithms Santanu Dutta, and Wayne Wolf IEEE Trans. On CSVT, vol. 6, NO.

A Flexible Parallel Architecture Adapted to Block-Matching Motion-Estimation Algorithms Santanu Dutta, and Wayne Wolf IEEE Trans. On CSVT, vol. 6, NO.
Min-Sheng Lee Efficient use of memory bandwidth to improve network processor throughput Jahangir Hasan 、 Satish ChandraPurdue University T. N. VijaykumarIBM.

Min-Sheng Lee Efficient use of memory bandwidth to improve network processor throughput Jahangir Hasan 、 Satish ChandraPurdue University T. N. VijaykumarIBM.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Introduction SYSC5603 (ELG6163) Digital Signal Processing Microprocessors, Software and Applications Miodrag Bolic.

Introduction SYSC5603 (ELG6163) Digital Signal Processing Microprocessors, Software and Applications Miodrag Bolic.
University of Michigan Electrical Engineering and Computer Science 1 Streamroller: Automatic Synthesis of Prescribed Throughput Accelerator Pipelines Manjunath.

University of Michigan Electrical Engineering and Computer Science 1 Streamroller: Automatic Synthesis of Prescribed Throughput Accelerator Pipelines Manjunath.
Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, C++ Version, Fourth Edition.

Chapter 4: The Building Blocks: Binary Numbers, Boolean Logic, and Gates Invitation to Computer Science, C++ Version, Fourth Edition.
1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.

1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.
Hardware Design of High Speed Switch Fabric IC. Overall Architecture.

Hardware Design of High Speed Switch Fabric IC. Overall Architecture.
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.

WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.
Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department.

Securing the core root of trust (research in secure hardware design and test) Ramesh Karri ECE Department.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
Sogang University Advanced Computing System Chap 1. Computer Architecture Hyuk-Jun Lee, PhD Dept. of Computer Science and Engineering Sogang University.

Sogang University Advanced Computing System Chap 1. Computer Architecture Hyuk-Jun Lee, PhD Dept. of Computer Science and Engineering Sogang University.

Similar presentations

Ads by Google