Pro-active policing and policy enforcement architecture for securing MPSoCs

Fahad Manzoor Siddiqui, Matthew Hagan, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Citations (Scopus)
360 Downloads (Pure)

Abstract

Embedded multiprocessor system-on-chip (MPSoC) architectures allow implementation of mixed critical applications and provide security mechanisms to segregate and protect system resources such as ARM TrustZone. These architectures enforce strict security measures right from the powering on of the system, to prevent misuse and compromise. However, such security mea- sures have been found vulnerable where security design practices are not considered or are poorly implemented, particularly at software and hardware stack boundaries. Also, the embedded solutions developed using these MPSoC platforms are vulnerable to single points of failure and do not contain active response or mitigations for circumstances where a compromise occurs.
This paper proposes pro-active hardware based policing and policy enforcement approach, along with system architecture and its hardware components, to this research problem. The architecture is physically isolated from the rich computing resources which actively monitors communications of system resources on the ARM AMBA-AXI4 bus. It detects anomalous system behaviours such as policy violation or compromised bus communication responses, and responds with predefined active countermeasures, such as deletion of secret data or disabling of the device to tackle security vulnerabilities and attacks at run- time. This proposed solution complements existing embedded hardware and software security technologies and provides an additional layer of hardware security when a vulnerability is found and exploited. This contribution lends itself to the principle of least privilege, implemented in software-based access control solutions like SELinux to mitigate when other protections have failed. This paper presents a proof-of-concept work supported by preliminary synthesis results on Xilinx Zynq-7000 and Ultra- Scale+ MPSoC chips.
Original languageEnglish
Title of host publication2018 31st IEEE International System-on-Chip Conference (SOCC)
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages130-135
Number of pages6
ISBN (Electronic)978-1-5386-1491-4
DOIs
Publication statusPublished - 21 Jan 2019
Event31st International IEEE System-on-Chip Conference - Washington, United States
Duration: 04 Sept 201807 Sept 2018
Conference number: 31
https://www.ieee-socc.org/

Publication series

Name
ISSN (Electronic)2164-1706

Conference

Conference31st International IEEE System-on-Chip Conference
Abbreviated titleIEEE SoCC
Country/TerritoryUnited States
CityWashington
Period04/09/201807/09/2018
Internet address

Keywords

  • FPGA
  • MPSoC
  • SoC
  • Zynq
  • ARM AMBA AXI4
  • ARM TrustZone
  • Hardware Trojan
  • Policing
  • defense
  • Proactive

ASJC Scopus subject areas

  • General Computer Science
  • General Engineering
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
  • Information Systems
  • Architecture

Fingerprint

Dive into the research topics of 'Pro-active policing and policy enforcement architecture for securing MPSoCs'. Together they form a unique fingerprint.

Cite this