The deployment of mixed-criticality applications on NoC (Network-on-Chip)-based MPSoC (Multiprocessor Systemon-Chip) platforms requires a stringent protection of the communication and processing resources being utilized by hard-realtime parts of the the application in order to avoid interference of less critical application parts. In this contribution we present an approach for encapsulation of critical NoC communication resources, which guarantees no interference of non-critical data packets with critical communication data on the network. It is shown, how the NoC fault-tolerance technique "NoCDepend" can be used in order to achieve partitioning of a NoC into several criticality domains without additional overhead. The shape of the protected domains is arbitrary and the method can be applied to 2D and 3D NoCs.
Cache attacks are one of the most widespread and dangerous threats to embedded computing systems' security. A promising approach to detect such attacks at runtime is to monitor the System-on-Chip (SoC) behavior. However, designing a secure SoC capable of detecting such attacks is very challenging: the monitors should be lightweight in order to avoid excessive power/energy and area costs and the attack behavior should be clearly known upfront. In this work, we present LiD-CAT, a lightweight and flexible hardware detector that is aware of leakage patterns that can be used by attackers to perform cache based attacks. LiD-CAT is a cache wrapper that implements a set of leakage properties derived from cache attacks and cache models using templates. These templates identify suspicious behavior that may lead to cache attacks. LiD-CAT is evaluated using two different cache architectures, one with a secure cache and one without. On each of them, SPEC2000 benchmarks are run together with malicious applications that execute cache attacks (i.e., Evict+Time, Prime+Probe, Flush+Reload and Flush+Flush). Results show that our lightweight detector successfully detects 99.99% of the attacks with less than 1% false-positives, has no timing penalties, and increases the area of a SoC with only 1.6%.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citationsâcitations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.