Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs

Research output: Chapter in Book/Report/Conference proceedingConference contribution

268 Downloads (Pure)


Embedded multiprocessor system-on-chip (MPSoC) architectures allow implementation of mixed critical applications and provide security mechanisms to segregate and protect system resources such as ARM TrustZone. These architectures enforce strict security measures right from the powering on of the system, to prevent misuse and compromise. However, such security mea- sures have been found vulnerable where security design practices are not considered or are poorly implemented, particularly at software and hardware stack boundaries. Also, the embedded solutions developed using these MPSoC platforms are vulnerable to single points of failure and do not contain active response or mitigations for circumstances where a compromise occurs.
This paper proposes pro-active hardware based policing and policy enforcement approach, along with system architecture and its hardware components, to this research problem. The architecture is physically isolated from the rich computing resources which actively monitors communications of system resources on the ARM AMBA-AXI4 bus. It detects anomalous system behaviours such as policy violation or compromised bus communication responses, and responds with predefined active countermeasures, such as deletion of secret data or disabling of the device to tackle security vulnerabilities and attacks at run- time. This proposed solution complements existing embedded hardware and software security technologies and provides an additional layer of hardware security when a vulnerability is found and exploited. This contribution lends itself to the principle of least privilege, implemented in software-based access control solutions like SELinux to mitigate when other protections have failed. This paper presents a proof-of-concept work supported by preliminary synthesis results on Xilinx Zynq-7000 and Ultra- Scale+ MPSoC chips.
Original languageEnglish
Title of host publication2018 31st IEEE International System-on-Chip Conference (SOCC)
Publisher IEEE
Number of pages6
ISBN (Electronic)978-1-5386-1491-4
Publication statusPublished - 21 Jan 2019
Event31st International IEEE System-on-Chip Conference - Washington, United States
Duration: 04 Sep 201807 Sep 2018
Conference number: 31

Publication series

ISSN (Electronic)2164-1706


Conference31st International IEEE System-on-Chip Conference
Abbreviated titleIEEE SoCC
Country/TerritoryUnited States
Internet address


  • FPGA
  • MPSoC
  • SoC
  • Zynq
  • ARM TrustZone
  • Hardware Trojan
  • Policing
  • defense
  • Proactive

ASJC Scopus subject areas

  • Computer Science(all)
  • Engineering(all)
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
  • Information Systems
  • Architecture


Dive into the research topics of 'Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs'. Together they form a unique fingerprint.

Cite this