{"title":"A separation and protection scheme for on-chip memory blocks in FPGAs","authors":"Luis Ramirez Rivera, Xiaofang Wang, D. Chasaki","doi":"10.1109/HST.2016.7495586","DOIUrl":null,"url":null,"abstract":"State-of-the-art FPGAs are quickly evolving into a complete system-on-chip (SoC) platform with aggressive integration of high-performance hard processor cores, gigabytes of dedicated memory blocks, and many commonly used peripherals. As FPGAs increasingly find their way into many critical and sensitive applications, including speeding cryptographic algorithms, security concerns about themselves start mounting. Current countermeasures mostly target hardware trojans, cloning, side-channel attacks, and reverse engineering. Little attention has been devoted to securing dedicated on-chip memory blocks. Moreover, the dynamic reconfigurability nature of FPGAs makes static-only approaches less effective and less efficient. In this paper, we present the design and implementation of a runtime protection scheme for FPGA on-chip memory blocks. To secure on-chip memory inside FPGAs, careful design choices must be taken because of their very low latency and simple flat memory model. A series of rules, called security policies are made. These policies are enforced by a reference monitor who mediates the communications between the intellectual properties (IP) or modules that requires the memory, and the memory itself. The memory security scheme is an implementation of a security kernel, enforced by a series of security policies, with a specific policy algorithm which tells four security monitors to control the memory accesses between IPs and the on-chip memory inside the FPGA used. 
The results on a Xilinx Virtex-6 FPGA board show that the security monitors themselves are successful in preventing unauthorized accesses from IPs that are marked as “untrusted” while allowing full access from other IPs that are marked as “trusted”, without incurring on a serious area or latency penalty. Also, by preventing the access from “untrusted” IPs and marking connections as “not traversable”, the connections between the untrusted IPs and the memory that it has to share with “trusted” IPs are secured.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"467 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495586","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
State-of-the-art FPGAs are quickly evolving into a complete system-on-chip (SoC) platform with aggressive integration of high-performance hard processor cores, gigabytes of dedicated memory blocks, and many commonly used peripherals. As FPGAs increasingly find their way into many critical and sensitive applications, including speeding up cryptographic algorithms, security concerns about the FPGAs themselves are mounting. Current countermeasures mostly target hardware trojans, cloning, side-channel attacks, and reverse engineering. Little attention has been devoted to securing dedicated on-chip memory blocks. Moreover, the dynamically reconfigurable nature of FPGAs makes static-only approaches less effective and less efficient. In this paper, we present the design and implementation of a runtime protection scheme for FPGA on-chip memory blocks. To secure on-chip memory inside FPGAs, careful design choices must be made because of its very low latency and simple flat memory model. A series of rules, called security policies, is defined. These policies are enforced by a reference monitor that mediates the communications between the intellectual properties (IPs) or modules that require the memory, and the memory itself. The memory security scheme is an implementation of a security kernel, enforced by a series of security policies, with a specific policy algorithm which tells four security monitors to control the memory accesses between IPs and the on-chip memory inside the FPGA used. The results on a Xilinx Virtex-6 FPGA board show that the security monitors themselves are successful in preventing unauthorized accesses from IPs that are marked as “untrusted” while allowing full access from other IPs that are marked as “trusted”, without incurring a serious area or latency penalty. Also, by preventing access from “untrusted” IPs and marking connections as “not traversable”, the connections between the untrusted IPs and the memory that they have to share with “trusted” IPs are secured.