
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.


1 Hardware Support for Trustworthy Systems
Ted Huffmire
ACACES 2012, Fiuggi, Italy

2 Disclaimer The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

3 Lecture 3 Overview
Apply primitives to memory protection
Design Example

4 Memory Protection
Apply primitives to memory protection
Design Example

5 Memory Protection
Goal: Allow cores to share memory securely
Opportunity: Leverage the benefits of hardware
A reconfigurable reference monitor enforces a policy that specifies the legal sharing of memory

6 Memory Protection
(figure: an FPGA chip containing a CPU Core, a Crypto Core and an AES core; their accesses to the off-chip SDRAM/DRAM pass through the Reference Monitor, and X marks on the diagram denote blocked accesses)

8 A Memory Protection Language
All modules on chip must obey a memory access policy
Memory protection policies are expressed in the language
Compiler translates the policy to a circuit

9 Formal Top Level Specification (FTLS)
A precise language of legal accesses
– Subjects (Modules)
– Access Rights
– Objects (Memory Ranges)
Fixed (Stateless) Models
Transitional (Stateful) Models

10 Isolation Example
A fixed (stateless) model
Each core is restricted to a fixed range (or set of ranges) of memory
Each range can only be assigned to one core
  Access → {Module 1,rw,Range 1} | {Module 2,rw,Range 2};
  Policy → (Access)*;
(figure: Module 1 –rw→ Range 1 in Compartment 1; Module 2 –rw→ Range 2 in Compartment 2)

11 Policy Compiler
1. Policy FTLS:
   – Access → {Module 1,rw,Range 1} | {Module 2,rw,Range 2};
   – Policy → (Access)*;
2. Regular Expression:
   – ({Module 1,rw,Range 1} | {Module 2,rw,Range 2})*
3. Minimized DFA:
   (figure: a single state 0, marked init, with a self-loop labelled {M1,rw,R1}, {M2,rw,R2})
4. Verilog HDL:
   case({module_id,op,r1,r2})
     9'b011110: //Module 1,rw,Range 1
       state=s0;
     9'b101101: //Module 2,rw,Range 2
       state=s0;
     default:
       state=s1; //reject
   endcase
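The compiler flow on this slide (stateless policy, expanded regular expression, one-state DFA, Verilog case statement) as an added Python example; this is not the lecture's own compiler. The bit layout is an assumption of this example: module_id as a binary index, op as two bits (r = 01, w = 10) and one match bit per range (r1, r2, ...) as the enforcement module's parallel range comparators would produce it.

```python
# Added example, not the lecture's own policy compiler: compile a stateless
# isolation policy into a single-state DFA and emit a Verilog case statement
# in the shape shown on slide 11.  Encoding of {module_id, op, r1..rN} is an
# assumption of this example.

OP_BITS = {"r": 0b01, "w": 0b10}   # assumed 2-bit op encoding
MODULE_BITS = 2                    # assumed width of module_id

# Policy -> (Access)*  where  Access -> {Module 1,rw,Range 1} | {Module 2,rw,Range 2}
ISOLATION = [(1, "rw", 1), (2, "rw", 2)]
NUM_RANGES = 2


def expand(policy):
    """Expand 'rw' entries into the single read or write transactions the bus carries."""
    return {(m, op, r) for m, ops, r in policy for op in ops}


def compile_stateless(policy):
    """Stateless policy -> DFA: accepting state s0 with a self-loop per legal access;
    every other input goes to the reject state s1.  Returns (transitions, init, reject)."""
    transitions = {"s0": {acc: "s0" for acc in expand(policy)}}
    return transitions, "s0", "s1"


def check_trace(policy, trace):
    """Reference-monitor decisions for a trace of (module, op, range) accesses.
    For a stateless policy the decision never depends on earlier accesses."""
    transitions, state, reject = compile_stateless(policy)
    decisions = []
    for acc in trace:
        nxt = transitions.get(state, {}).get(acc, reject)
        decisions.append(nxt != reject)
        # a rejected access is blocked; a stateless monitor stays in s0
    return decisions


def encode(module, op, rng, num_ranges=NUM_RANGES):
    """Sized Verilog literal for {module_id, op, r1..rN}; r1 is the most significant match bit."""
    width = MODULE_BITS + 2 + num_ranges
    match_bits = 1 << (num_ranges - rng)
    value = (module << (2 + num_ranges)) | (OP_BITS[op] << num_ranges) | match_bits
    return f"{width}'b{value:0{width}b}"


def emit_verilog(policy, num_ranges=NUM_RANGES):
    """Case statement with one arm per legal access and a default reject arm."""
    match_signals = ", ".join(f"r{i}" for i in range(1, num_ranges + 1))
    lines = [f"case ({{module_id, op, {match_signals}}})"]
    for module, op, rng in sorted(expand(policy)):
        lines.append(f"  {encode(module, op, rng, num_ranges)}: // Module {module},{op},Range {rng}")
        lines.append("    state = s0;")
    lines += ["  default:", "    state = s1; // reject", "endcase"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(emit_verilog(ISOLATION))
    print(check_trace(ISOLATION, [(1, "r", 1), (1, "w", 2), (2, "w", 2)]))
```

With one match bit per range, an address that falls in no range, or in two overlapping ranges, produces a match vector that no case arm covers and so lands in the default reject arm; the parallel search of the enforcement module makes that choice explicit in hardware.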

12 Policy Compiler Design Flow

13 Enforcement Module Parallel search

14 What we have done
Automated design flow from FTLS to synthesized circuit
Language has a well-defined grammar
Powerful enough to express a variety of policies that we have compiled and tested

15 Methodology
Constructed several isolation policies
– Varied the number of ranges
Used Quartus to synthesize
Measured:
– Area (Logic Cells)
– Setup Time
– Cycle Time
(table: columns Range, State, T_su, T_c)

16 Synthesis Results

17 Possible Storage Channel
(figure: a two-state DFA; the init state and the second state are joined in both directions by transitions on {M1,r,R1}, and each state carries the access matrix below, where r_ = read only, _w = write only, __ = no access)
  init state:           M1   M2
             R1:        r_   r_
             R2:        __   _w
  after {M1,r,R1}:      M1   M2
             R1:        r_   __
             R2:        __   r_
Step 1: Module 2 can read Range 1
Step 2: Module 1 changes the state by reading Range 1
Step 3: Module 2 can no longer read Range 1
Step 4: Module 1 changes the state by reading Range 1

18 A Higher Level Language
Input
– High;
– Module 1 → TS;
– Module 2 → U;
– Range 1 → U;
– Range 2 → U;
Output
– Trigger 1 → {M1,w,R1};
– Trigger 2 → {M1,w,R2};
– Access 0 → {M1,r,R1} | {M1,r,R2} | {M2,rw,R1} | {M2,rw,R2};
– Access 1 → {M1,rw,R1} | {M1,r,R2} | {M2,w,R1} | {M2,rw,R2};
– Access 12 → {M1,rw,R1} | {M1,rw,R2} | {M2,w,R1} | {M2,w,R2};
– Access 2 → {M1,r,R1} | {M1,rw,R2} | {M2,w,R1} | {M2,w,R2};
– Access 21 → {M1,rw,R1} | {M1,rw,R2} | {M2,w,R1} | {M2,w,R2};
– Path 1 → (ε | Trigger 1 Access 1* (ε | Trigger 2 Access 12*));
– Path 2 → (ε | Trigger 2 Access 2* (ε | Trigger 1 Access 21*));
– Policy → Access 0* (ε | Path 1 | Path 2);
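The transitional policies of slides 17 and 18 run through a small interpreter, as an added Python example that is not the lecture's code. The state names and the transition tables below are derived by hand from the two slides' grammars, and the storage-channel check is this example's own analysis of the problem slide 17 raises: a transition fired by one module that changes another module's rights lets that other module learn, by probing its own rights, that the access happened.

```python
# Added example, not the lecture's code: an interpreter for transitional
# (stateful) policies plus a check for slide 17's storage channel.  The DFAs
# for slides 17 and 18 are transcribed by hand from the slides' grammars.


def rights(*entries):
    """Expand {M,rw,R} entries into single (module, op, range) accesses."""
    return frozenset((m, op, r) for m, ops, r in entries for op in ops)


# A policy is (legal access set per state, trigger transitions per state, init).
# Triggers take priority over the legal set because on slide 17 the
# state-changing access {M1,r,R1} is also a legal access in both states.
def monitor(policy, trace):
    """Run the reference monitor over a trace; returns (decisions, final state)."""
    access, transitions, state = policy
    decisions = []
    for acc in trace:
        if acc in transitions[state]:
            state = transitions[state][acc]
            decisions.append(True)
        elif acc in access[state]:
            decisions.append(True)
        else:
            decisions.append(False)       # rejected; the monitor stays put
    return decisions, state


def storage_channels(policy):
    """Transitions where one module's access changes another module's rights.
    Returns (actor, observer, from_state, to_state, rights the observer loses)."""
    access, transitions, _ = policy
    modules = {m for legal in access.values() for m, _, _ in legal}
    found = []
    for src, moves in transitions.items():
        for (actor, _, _), dst in moves.items():
            for obs in modules - {actor}:
                before = {a for a in access[src] if a[0] == obs}
                after = {a for a in access[dst] if a[0] == obs}
                if before != after:
                    found.append((actor, obs, src, dst, before - after))
    return found


# Slide 18: Policy -> Access0* (eps | Path1 | Path2)
TRIGGER1 = (1, "w", 1)
TRIGGER2 = (1, "w", 2)
SLIDE18 = (
    {
        "Access0":  rights((1, "r", 1), (1, "r", 2), (2, "rw", 1), (2, "rw", 2)),
        "Access1":  rights((1, "rw", 1), (1, "r", 2), (2, "w", 1), (2, "rw", 2)),
        "Access12": rights((1, "rw", 1), (1, "rw", 2), (2, "w", 1), (2, "w", 2)),
        "Access2":  rights((1, "r", 1), (1, "rw", 2), (2, "w", 1), (2, "w", 2)),
        "Access21": rights((1, "rw", 1), (1, "rw", 2), (2, "w", 1), (2, "w", 2)),
    },
    {
        "Access0":  {TRIGGER1: "Access1", TRIGGER2: "Access2"},
        "Access1":  {TRIGGER2: "Access12"},
        "Access2":  {TRIGGER1: "Access21"},
        "Access12": {},
        "Access21": {},
    },
    "Access0",
)

# Slide 17: every {M1,r,R1} toggles between the two access matrices shown there
SLIDE17 = (
    {"init": rights((1, "r", 1), (2, "r", 1), (2, "w", 2)),
     "s1":   rights((1, "r", 1), (2, "r", 2))},
    {"init": {(1, "r", 1): "s1"}, "s1": {(1, "r", 1): "init"}},
    "init",
)

if __name__ == "__main__":
    print(monitor(SLIDE18, [(2, "r", 1), (1, "w", 1), (2, "r", 1)]))
    for channel in storage_channels(SLIDE18):
        print(channel)
```

For the slide-18 policy the check flags exactly the transitions on which Module 1 (TS) writes a range and Module 2 (U) loses its read right to it. That is the intended high-watermark behaviour, but it is also an observable event for the U module, so the design must consider whether the monitor's reject decision is something Module 2 can see.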

19 Design Example
Apply primitives to memory protection
Design example

20 Goals of Design Example
Evaluate security primitives for reconfigurable hardware
Build a real system with multiple cores
Design a security policy for the system
Efficient memory system performance
Programmatic interface to system

21 System Overview
(figure: an OPB bus connecting ublaze 1, the Ref Monitor/Arbiter, Shared External Memory, the AES Core, RS232 and Ethernet)

22 Security Policy
Range 0 → [0x41400000,0x4140ffff]; (Debug)
Range 1 → [0x28000000,0x28000777]; (AES1)
Range 2 → [0x28000800,0x28000fff]; (AES2)
Range 3 → [0x24000000,0x24777777]; (DRAM1)
Range 4 → [0x24800000,0x24ffffff]; (DRAM2)
Range 5 → [0x40600000,0x4060ffff]; (RS-232)
Range 6 → [0x40c00000,0x40c0ffff]; (Ethernet)
Range 7 → [0x28000004,0x28000007]; (Ctrl_Word 1)
Range 8 → [0x28000008,0x2800000f]; (Ctrl_Word 2)
Range 9 → [0x28000000,0x28000003]; (Ctrl_Word AES)

23 Security Policy
Access 0 → {M1,rw,R5} | {M2,rw,R6} | {M1,rw,R3} | {M2,rw,R4} | {M1,rw,R0} | {M2,rw,R0};
Access 1 → Access 0 | {M1,rw,R1} | {M1,rw,R9};
Access 2 → Access 0 | {M2,rw,R1} | {M2,rw,R9};
Trigger 0 → {M1,w,R7};
Trigger 1 → {M1,w,R8};
Trigger 2 → {M2,w,R7};
Trigger 3 → {M2,w,R8};
Expr 1 → Access 0 | Trigger 3 Access 2* Trigger 4;
Expr 2 → Access 1 | Trigger 2 Expr 1* Trigger 1;
Expr 3 → Expr 1* Trigger 1 Expr 2*;
Policy → Expr 1* | Expr 1* Trigger 3 Access 2* | Expr 3 Trigger 2 Expr 1* Trigger 3 Access 2* | Expr 3 Trigger 2 Expr 1* | Expr 3 | ε;
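The address map of slide 22 contains ranges that nest (the three control words lie inside the AES1 range), so the parallel range search of slide 13 can report more than one matching range for a single bus address. The following added Python example, which is not part of the lecture's design, models those comparators over the slide-22 map with the Access 0 and Access 1 sets of slide 23; the rule it applies to an address matched by several ranges is this example's own design choice, since the slides do not say how the design resolves its overlaps.

```python
# Added example, not part of the lecture's design: a software model of the
# enforcement module's parallel range comparators (slide 13) over the address
# map of slide 22, with the Access 0 / Access 1 sets of slide 23.  The rule for
# addresses in several ranges is this example's own choice.

RANGES = {
    0: (0x41400000, 0x4140ffff),  # Debug
    1: (0x28000000, 0x28000777),  # AES1
    2: (0x28000800, 0x28000fff),  # AES2
    3: (0x24000000, 0x24777777),  # DRAM1
    4: (0x24800000, 0x24ffffff),  # DRAM2
    5: (0x40600000, 0x4060ffff),  # RS-232
    6: (0x40c00000, 0x40c0ffff),  # Ethernet
    7: (0x28000004, 0x28000007),  # Ctrl_Word 1
    8: (0x28000008, 0x2800000f),  # Ctrl_Word 2
    9: (0x28000000, 0x28000003),  # Ctrl_Word AES
}


def rights(*entries):
    """Expand {M,rw,R} entries into single (module, op, range) accesses."""
    return frozenset((m, op, r) for m, ops, r in entries for op in ops)


ACCESS0 = rights((1, "rw", 5), (2, "rw", 6), (1, "rw", 3), (2, "rw", 4), (1, "rw", 0), (2, "rw", 0))
ACCESS1 = ACCESS0 | rights((1, "rw", 1), (1, "rw", 9))


def match_ranges(addr):
    """Every comparator is evaluated (in hardware, all at once): the set of
    range ids whose closed interval [lo, hi] contains addr."""
    return {i for i, (lo, hi) in RANGES.items() if lo <= addr <= hi}


def overlapping_ranges():
    """Pairs of ranges sharing at least one address.  Worth checking when the
    policy is compiled, since an access to a shared address matches several ranges."""
    ids = sorted(RANGES)
    return [(a, b) for a in ids for b in ids
            if a < b and max(RANGES[a][0], RANGES[b][0]) <= min(RANGES[a][1], RANGES[b][1])]


def allowed(legal, module, op, addr):
    """Decision for one bus transaction under the legal set of the current state.
    Conservative rule (this example's choice): the access must be legal for every
    range the address falls in, so a control word carved out of a larger range
    is governed by the more restrictive entry."""
    matched = match_ranges(addr)
    return bool(matched) and all((module, op, r) in legal for r in matched)


if __name__ == "__main__":
    print("overlaps:", overlapping_ranges())
    print(hex(0x28000004), "->", match_ranges(0x28000004))
    print("M1 write to 0x28000000 in Access 1:", allowed(ACCESS1, 1, "w", 0x28000000))
```

Under this rule a Module 1 write to 0x28000000 is permitted in Access 1 because both matched ranges (R1 and R9) are legal for it there, while a write to 0x28000004 is not, since R7 appears in slide 23 only as a trigger and in no access set; a design that wants trigger writes to reach the device must state how such overlapping matches are ranked.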

24 Security Policy DFA

25 User Interface
Currently using Hyperterminal to connect to AES core via serial connection
– Tested using 128 bit key & data manually parsed into 32 bit lines and sent via Hyperterminal.
  s 5 8 16 0 ce537f5e 5a567cc9 966d9259 0336763e 6a118a87 4519e64e 9963798a 503f1d35

26 User Interface Progress
– Implemented: User Interface was implemented in C++.
  SERIAL OR ETHERNET? [1-SERIAL][2-ETHERNET]
  ENCRYPT OR DECRYPT? [1-ENCRYPT][2-DECRYPT]
  INPUT FILENAME:
  KEY FILENAME:
  OUTPUT SENT TO OUTPUT.TXT

27 Conclusions
Fabric of computing is changing
FPGAs are growing in importance
Efficient security primitives are possible to build in reconfigurable hardware

28 Future Work
Multi-Core Security
Our methods can also be applied to the non-reconfigurable domain
Modern FPGAs have multiple CPUs on one chip
Reference monitor can be hard-wired

29 Lecture 3 Reading
[Conference Version] Policy-Driven Memory Protection for Reconfigurable Hardware
http://dl.acm.org/citation.cfm?id=2163301
[Journal Version] Managing Security in FPGA-Based Embedded Systems
http://dx.doi.org/10.1016/j.cose.2008.05.002

