Presentation is loading. Please wait.

Presentation is loading. Please wait.

R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.

Published byMaximillian Manning Modified over 9 years ago

Similar presentations

Presentation on theme: "R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ."— Presentation transcript:

1 R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ

2 I NTRODUCTION Security challenges - Limited resources - Power constraints. SANES (Security Architecture for Embedded Systems ) - Reconfigurable hardware - Efficient, flexible - Supports security standards,range of attacks. The SANES architecture is based on - Reconfigurable security primitives - Reconfigurable hardware monitors - A hierarchy of security controllers 2

3 M AIN ISSUES TO BE CONSIDERED WHEN DESIGNING THE ARCHITECTURE Security primitives and protocols Attacks CURRENT SOLUTIONS TO ADDRESS BOTH FACE SEVERAL GAPS SUCH AS Processing gap Battery gap Flexibility gap Tamper resistance gaps Assurance gaps SOLUTIONS Reconfigurable computing : high performance and flexibility Intrusion detection system : detect abnormal behavior 3

4 P URPOSE Prevention, detection, remediation of attacks Dynamically adapt security protections to deal with dynamic constraints Reconfigurable hardware, A continuous monitoring system Performance and energy issues are taken care by reconfigurable security primitives Reliability is managed by use of different implementations Hierarchy of hardware monitors - Provides different levels of flexibility - Enables compromise between accuracy and simplicity 4

5 5 SANES ARCHITECTURE

6 M ONITORS Track specific data of system Number and complexity - Overhead cost of security architecture Role - Detect attacks against system Autonomy and adaptability Distributed : analyze different parts - Battery - Buses - Security primitives - Communication channel Reflex reaction Global reaction 6

7 SEP: S ECURITY E XECUTIVE P ROCESSOR Links monitors by on-chip intelligence Controls the network Acts as gateway to outside world. Provides software to map new monitoring and verification algorithms to monitors. Issues commands to control operation 7

8 R ECONFIGURABLE ARCHITECTURE Implements security primitives Security primitives work independently Speedup computation of security algorithm Flexibility - Update primitives - Switch from one primitive to another Tradeoffs: throughput, area, latency, reliability, power,energy to meet real time constraints 8

9 9 SECURITY PRIMITIVE ARCHITECTURE FOR AES

10 R ECONFIGURABLE S ECURITY P RIMITIVE Security primitive datapath Security Primitive Controller(SPC) - Flexibility - Memory mapped mechanism - Defines the configuration of primitive - Control tasks - Processor configures the SPC - Check what execution modes can be used System Security Controller(SSC) - Connected to security primitive - Monitor the primitive - Detects attacks against the primitive - Also connected to other monitors 10

11 11 FSM OF THE SPC Initialization state, Configuration state, Run state Stop state, Security state

12 D YNAMIC SECURITY WITHIN THE SYSTEM : MONITORING Execution of the security primitives - Managed by SPC - Flexibility Protect system - Managed by SSC - Deals with attacks Examples of attacks - Hijacking - Denial of service - Extraction of secret information 12

13 H EURISTIC APPROACH Problem - The normal defined behavior can be over written This works for Embedded systems - Simplicity of work load - Repetitiveness of workload - Application profiling - Capture large fraction of application behavior - Power, clock, bus, security primitive,communication channel monitors 13

14 P ERFORMANCE AND SECURITY POLICIES SPC: - New configuration, best performance tradeoff - It runs protected modes only when required - Continuously checks the state of the system - Best performance of the primitive SPC selects parameters - The power limitation - Evolving environment - Level of quality of the communication channels. 14

15 A ES (A DVANCED E NCRYPTION S TANDARD ) CASE STUDY Memory - Bit streams (each bit stream corresponds to a configuration). registers - The algorithm AES - Execution mode (i.e. feedback, non-feedback) - The key and data sizes(i.e. 128 bits). Architecture parameters. - Reliability (i.e. no, fault detection, fault tolerance), - On the throughput, - The area (use rate of the device) - The energy consumption. 15

16 C ONFIGURATIONS C ONSIDERED Solution corresponds to different levels of performance - Area - Energy efficiency which represents the throughput. - Power Feedback Mode(FB) Feedback mode with fault detection(FB_FB) Feedback Mode with fault tolerance( FB_FT) - Most secure - Area and energy overheads are very high Fault detection is a good compromise to guarantee the performance and to increase the security of the primitive 16

17 17 COMPARISON OF PARAMETERS FOR THE THREE ARCHITECTURES

18 18 AREA CONSTRAINT ASSOCIATED WITH THE THREE MODELS

19 A DVANTAGES Application verification and protection is provided in dedicated hardware and not inside application Implies dynamically updated durability Flexibility and security Hierarchy of hardware monitors Meets embedded system constraints 19

Download ppt "R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ."

Similar presentations

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Subthreshold SRAM Designs for Cryptography Security Computations Adnan Gutub The Second International Conference on Software Engineering and Computer Systems.

Subthreshold SRAM Designs for Cryptography Security Computations Adnan Gutub The Second International Conference on Software Engineering and Computer Systems.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Introduction CSCI 444/544 Operating Systems Fall 2008.

Introduction CSCI 444/544 Operating Systems Fall 2008.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Making Services Fault Tolerant

Making Services Fault Tolerant
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,

Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,
Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,

Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,
1 Soft Timers: Efficient Microsecond Software Timer Support For Network Processing Mohit Aron and Peter Druschel Rice University Presented By Jonathan.

1 Soft Timers: Efficient Microsecond Software Timer Support For Network Processing Mohit Aron and Peter Druschel Rice University Presented By Jonathan.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)http://www.cs.umn.edu/Ajanta/publications.html.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Figure 1.1 Interaction between applications and the operating system.

Figure 1.1 Interaction between applications and the operating system.
WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.

WIRELESS SENSOR NETWORK SECURITY USING GROUP KEY MANAGEMENT SCHEME Presented By: Mohammed Saleh CS 599a Fall06.
Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.

Operating Systems CS208. What is Operating System? It is a program. It is the first piece of software to run after the system boots. It coordinates the.
11 SERVER CLUSTERING Chapter 6. Chapter 6: SERVER CLUSTERING2 OVERVIEW  List the types of server clusters.  Determine which type of cluster to use for.

11 SERVER CLUSTERING Chapter 6. Chapter 6: SERVER CLUSTERING2 OVERVIEW  List the types of server clusters.  Determine which type of cluster to use for.
On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.

On-Chip Control Flow Integrity Check for Real Time Embedded Systems Fardin Abdi Taghi Abad, Joel Van Der Woude, Yi Lu, Stanley Bak, Marco Caccamo, Lui.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
OPERATING SYSTEMS Prof. Sujata Rao Lesson 3. Agenda 1. What is an operating system? 2. How have operating systems evolved? 3. Functions of Operating System.

OPERATING SYSTEMS Prof. Sujata Rao Lesson 3. Agenda 1. What is an operating system? 2. How have operating systems evolved? 3. Functions of Operating System.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Similar presentations

Ads by Google