{"title":"fpga片上存储块的分离与保护方案","authors":"Luis Ramirez Rivera, Xiaofang Wang, D. Chasaki","doi":"10.1109/HST.2016.7495586","DOIUrl":null,"url":null,"abstract":"State-of-the-art FPGAs are quickly evolving into a complete system-on-chip (SoC) platform with aggressive integration of high-performance hard processor cores, gigabytes of dedicated memory blocks, and many commonly used peripherals. As FPGAs increasingly find their way into many critical and sensitive applications, including speeding cryptographic algorithms, security concerns about themselves start mounting. Current countermeasures mostly target hardware trojans, cloning, side-channel attacks, and reverse engineering. Little attention has been devoted to securing dedicated on-chip memory blocks. Moreover, the dynamic reconfigurability nature of FPGAs makes static-only approaches less effective and less efficient. In this paper, we present the design and implementation of a runtime protection scheme for FPGA on-chip memory blocks. To secure on-chip memory inside FPGAs, careful design choices must be taken because of their very low latency and simple flat memory model. A series of rules, called security policies are made. These policies are enforced by a reference monitor who mediates the communications between the intellectual properties (IP) or modules that requires the memory, and the memory itself. The memory security scheme is an implementation of a security kernel, enforced by a series of security policies, with a specific policy algorithm which tells four security monitors to control the memory accesses between IPs and the on-chip memory inside the FPGA used. The results on a Xilinx Virtex-6 FPGA board show that the security monitors themselves are successful in preventing unauthorized accesses from IPs that are marked as “untrusted” while allowing full access from other IPs that are marked as “trusted”, without incurring on a serious area or latency penalty. Also, by preventing the access from “untrusted” IPs and marking connections as “not traversable”, the connections between the untrusted IPs and the memory that it has to share with “trusted” IPs are secured.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"467 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A separation and protection scheme for on-chip memory blocks in FPGAs\",\"authors\":\"Luis Ramirez Rivera, Xiaofang Wang, D. Chasaki\",\"doi\":\"10.1109/HST.2016.7495586\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"State-of-the-art FPGAs are quickly evolving into a complete system-on-chip (SoC) platform with aggressive integration of high-performance hard processor cores, gigabytes of dedicated memory blocks, and many commonly used peripherals. As FPGAs increasingly find their way into many critical and sensitive applications, including speeding cryptographic algorithms, security concerns about themselves start mounting. Current countermeasures mostly target hardware trojans, cloning, side-channel attacks, and reverse engineering. Little attention has been devoted to securing dedicated on-chip memory blocks. Moreover, the dynamic reconfigurability nature of FPGAs makes static-only approaches less effective and less efficient. In this paper, we present the design and implementation of a runtime protection scheme for FPGA on-chip memory blocks. To secure on-chip memory inside FPGAs, careful design choices must be taken because of their very low latency and simple flat memory model. A series of rules, called security policies are made. These policies are enforced by a reference monitor who mediates the communications between the intellectual properties (IP) or modules that requires the memory, and the memory itself. The memory security scheme is an implementation of a security kernel, enforced by a series of security policies, with a specific policy algorithm which tells four security monitors to control the memory accesses between IPs and the on-chip memory inside the FPGA used. The results on a Xilinx Virtex-6 FPGA board show that the security monitors themselves are successful in preventing unauthorized accesses from IPs that are marked as “untrusted” while allowing full access from other IPs that are marked as “trusted”, without incurring on a serious area or latency penalty. Also, by preventing the access from “untrusted” IPs and marking connections as “not traversable”, the connections between the untrusted IPs and the memory that it has to share with “trusted” IPs are secured.\",\"PeriodicalId\":194799,\"journal\":{\"name\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"467 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2016.7495586\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495586","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A separation and protection scheme for on-chip memory blocks in FPGAs
State-of-the-art FPGAs are quickly evolving into a complete system-on-chip (SoC) platform with aggressive integration of high-performance hard processor cores, gigabytes of dedicated memory blocks, and many commonly used peripherals. As FPGAs increasingly find their way into many critical and sensitive applications, including speeding cryptographic algorithms, security concerns about themselves start mounting. Current countermeasures mostly target hardware trojans, cloning, side-channel attacks, and reverse engineering. Little attention has been devoted to securing dedicated on-chip memory blocks. Moreover, the dynamic reconfigurability nature of FPGAs makes static-only approaches less effective and less efficient. In this paper, we present the design and implementation of a runtime protection scheme for FPGA on-chip memory blocks. To secure on-chip memory inside FPGAs, careful design choices must be taken because of their very low latency and simple flat memory model. A series of rules, called security policies are made. These policies are enforced by a reference monitor who mediates the communications between the intellectual properties (IP) or modules that requires the memory, and the memory itself. The memory security scheme is an implementation of a security kernel, enforced by a series of security policies, with a specific policy algorithm which tells four security monitors to control the memory accesses between IPs and the on-chip memory inside the FPGA used. The results on a Xilinx Virtex-6 FPGA board show that the security monitors themselves are successful in preventing unauthorized accesses from IPs that are marked as “untrusted” while allowing full access from other IPs that are marked as “trusted”, without incurring on a serious area or latency penalty. Also, by preventing the access from “untrusted” IPs and marking connections as “not traversable”, the connections between the untrusted IPs and the memory that it has to share with “trusted” IPs are secured.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
