Activities per year
Abstract
Embedded multiprocessor system-on-chip (MPSoC) architectures allow implementation of mixed critical applications and provide security mechanisms to segregate and protect system resources such as ARM TrustZone. These architectures enforce strict security measures right from the powering on of the system, to prevent misuse and compromise. However, such security mea- sures have been found vulnerable where security design practices are not considered or are poorly implemented, particularly at software and hardware stack boundaries. Also, the embedded solutions developed using these MPSoC platforms are vulnerable to single points of failure and do not contain active response or mitigations for circumstances where a compromise occurs.
This paper proposes pro-active hardware based policing and policy enforcement approach, along with system architecture and its hardware components, to this research problem. The architecture is physically isolated from the rich computing resources which actively monitors communications of system resources on the ARM AMBA-AXI4 bus. It detects anomalous system behaviours such as policy violation or compromised bus communication responses, and responds with predefined active countermeasures, such as deletion of secret data or disabling of the device to tackle security vulnerabilities and attacks at run- time. This proposed solution complements existing embedded hardware and software security technologies and provides an additional layer of hardware security when a vulnerability is found and exploited. This contribution lends itself to the principle of least privilege, implemented in software-based access control solutions like SELinux to mitigate when other protections have failed. This paper presents a proof-of-concept work supported by preliminary synthesis results on Xilinx Zynq-7000 and Ultra- Scale+ MPSoC chips.
This paper proposes pro-active hardware based policing and policy enforcement approach, along with system architecture and its hardware components, to this research problem. The architecture is physically isolated from the rich computing resources which actively monitors communications of system resources on the ARM AMBA-AXI4 bus. It detects anomalous system behaviours such as policy violation or compromised bus communication responses, and responds with predefined active countermeasures, such as deletion of secret data or disabling of the device to tackle security vulnerabilities and attacks at run- time. This proposed solution complements existing embedded hardware and software security technologies and provides an additional layer of hardware security when a vulnerability is found and exploited. This contribution lends itself to the principle of least privilege, implemented in software-based access control solutions like SELinux to mitigate when other protections have failed. This paper presents a proof-of-concept work supported by preliminary synthesis results on Xilinx Zynq-7000 and Ultra- Scale+ MPSoC chips.
Original language | English |
---|---|
Title of host publication | 2018 31st IEEE International System-on-Chip Conference (SOCC) |
Publisher | IEEE |
Pages | 130-135 |
Number of pages | 6 |
ISBN (Electronic) | 978-1-5386-1491-4 |
DOIs | |
Publication status | Published - 21 Jan 2019 |
Event | 31st International IEEE System-on-Chip Conference - Washington, United States Duration: 04 Sep 2018 → 07 Sep 2018 Conference number: 31 https://www.ieee-socc.org/ |
Publication series
Name | |
---|---|
ISSN (Electronic) | 2164-1706 |
Conference
Conference | 31st International IEEE System-on-Chip Conference |
---|---|
Abbreviated title | IEEE SoCC |
Country/Territory | United States |
City | Washington |
Period | 04/09/2018 → 07/09/2018 |
Internet address |
Keywords
- FPGA
- MPSoC
- SoC
- Zynq
- ARM AMBA AXI4
- ARM TrustZone
- Hardware Trojan
- Policing
- defense
- Proactive
ASJC Scopus subject areas
- Computer Science(all)
- Engineering(all)
- Hardware and Architecture
- Safety, Risk, Reliability and Quality
- Information Systems
- Architecture
Fingerprint
Dive into the research topics of 'Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs'. Together they form a unique fingerprint.Activities
- 2 Participation in conference
-
IEEE Conference on System-on-Chip
Fahad Manzoor Siddiqui (Participant)
09 Sep 2020Activity: Participating in or organising an event types › Participation in conference
-
31st International IEEE System-on-Chip Conference
Fahad Manzoor Siddiqui (Participant)
04 Sep 2018 → 30 Sep 2018Activity: Participating in or organising an event types › Participation in conference