Policy-Driven Memory Protection for Reconfigurable Hardware

Huffmire, Ted; Prasad, Shreyas; Sherwood, Timothy; Kastner, Ryan

doi:10.1007/11863908_28

Cited by 24 publications

(22 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Huffmire et al [9] demonstrate compiler translation of an access policy into a hardware execution monitor for enforcing policies such as compartmentalization, access control, secure hand-off, Chinese wall, and redaction. This execution monitor is meant for hardware designs with isolated circuitry that communicate through the monitor and is not applicable directly to software applications that share hardware resources, but compilation tools for security policies may benefit our approach.…”

Section: Related Workmentioning

confidence: 99%

Automation for creating and configuring security manifests for hardware containers

Leontie

Bloom

Simha

2011

2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)

View full text Add to dashboard Cite

Abstract-Hardware containers provide fine-grained memory access control to isolate memory regions and sandbox memory references between components of an application. A hardware reference monitor enforces a security manifest of memory access permissions for the currently executing component. In this paper we discuss how automation tools can help software developers to create the security manifest that configures hardware containers. The goal of this work is to foster discussion about our proposals for automation tools: to date we know of no solutions for extracting the metadata (permissions) required for fine-grained memory access control.

show abstract

Section: Related Workmentioning

confidence: 99%

Automation for creating and configuring security manifests for hardware containers

Leontie

Bloom

Simha

2011

2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)

View full text Add to dashboard Cite

show abstract

“…The modules can only use the bus through this arbiter, which only allows each module to read during its designated time slice. If we want to connect the bus to a memory, then a memory monitor is also required; for this work we assume that such a configuration can be implemented on the FPGA using the results of our previous work [Huffmire et al 2006].…”

Section: Efficient Communication Under the Drawbridge Modelmentioning

confidence: 99%

“…Since the space of intrusion detection rule sets is infinite, the space of detection cores is also infinite. In our earlier work [Huffmire et al 2006], we developed a memory protection scheme for reconfigurable hardware in which a reconfigurable reference monitor enforces a policy that specifies the legal sharing of memory. Partial reconfiguration could allow the system to change the policy being enforced by swapping in a different reference monitor, assuming that you could overcome the very difficult challenge of ensuring the security and correctness of the handover.…”

Section: Effective Scrubbing and Reuse Of Reconfigurable Hardwarementioning

confidence: 99%

“…One way of protecting memory in an FPGA system is to use a reference monitor that is loaded onto the FPGA along with the other cores [Huffmire et al 2006]. Here, the reference monitor is analogous to the guard because it decides the legality of every memory access according to a policy.…”

Section: Application: Memory Policy Enforcementmentioning

confidence: 99%

“…To provide memory protection on an FPGA, we proposed the use of a reconfigurable reference monitor that enforces the legal sharing of memory among cores [Huffmire et al 2006]. A memory access policy is expressed in a specialized language, and a compiler translates this policy directly to a circuit that enforces the policy.…”

Section: Reconfigurable Hardware Securitymentioning

confidence: 99%

See 2 more Smart Citations

Security Primitives for Reconfigurable Hardware-Based Systems

Huffmire

Levin

Nguyen

et al. 2010

ACM Trans. Reconfigurable Technol. Syst.

Self Cite

View full text Add to dashboard Cite

Computing systems designed using reconfigurable hardware are increasingly composed using a number of different Intellectual Property (IP) cores, which are often provided by third-party vendors that may have different levels of trust. Unlike traditional software where hardware resources are mediated using an operating system, IP cores have fine-grain control over the underlying reconfigurable hardware. To address this problem, the embedded systems community requires novel security primitives that address the realities of modern reconfigurable hardware. In this work, we propose security primitives using ideas centered around the notion of "moats and drawbridges." The primitives encompass four design properties: logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing. Each of these is a fundamental This research was funded in part by National Science Foundation Grant CNS-0524771, NSF Career Grant CCF-0448654, and the SMART Defense Scholarship for Service. Authors' addresses: T. Huffmire, T. Levin, T. Nguyen, and C. Irvine, Department of Computer Science, Naval Postgraduate School, Monterey, CA 93943; email: {tdhuffmi, televin, tdnguyen, irvine}@nps.edu; B. Brotherton, Special Technologies Laboratory, Santa Barbara, CA 93111; email: brett.brotherton@gmail.com; G. Wang, Intuit, San Diego, CA 92122; email: Gang Wang@ intuit.com; T. Sherwood, Department of Computer Science, University of California, Santa Barbara, CA 93106; email: sherwood@cs.ucsb.edu; R. Kastner, Department of Computer Science and Engineering, University of California, San Diego, La Jolla, CA 92093; email: kastner@cs.ucsd.edu. c 2010 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by a contractor or affiliate of the [U.S.] Government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or direct commercial advantage and that copies show this notice on the first page or initial screen of a display along with the full citation. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, to redistribute to lists, or to use any component of this work in other works requires prior specific permission and/or a fee. Permissions may be requested from Publications Dept., ACM, Inc., 2 Penn Plaza, Suite 701, New York, NY 10121-0701 USA, fax +1 (212) operation with easily understood formal properties, yet they map cleanly and efficiently to a wide variety of reconfigurable devices. We carefully quantify the required overheads of the security techniques on modern FPGA architectures across a number of different applications.

show abstract

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware

LeMay

Gunter²

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Mobile devices are in roles where the integrity and confidentiality of their apps and data are of paramount importance. They usually contain a System-onChip (SoC), which integrates microprocessors and peripheral Intellectual Property (IP) connected by a Network-on-Chip (NoC). Malicious IP or software could compromise critical data. Some types of attacks can be blocked by controlling data transfers on the NoC using Memory Management Units (MMUs) and other access control mechanisms. However, commodity processors do not provide strong assurances regarding the correctness of such mechanisms, and it is challenging to verify that all access control mechanisms in the system are correctly configured. We propose a NoC Firewall (NoCF) that provides a single locus of control and is amenable to formal analysis. We demonstrate an initial analysis of its ability to resist malformed NoC commands, which we believe is the first effort to detect vulnerabilities that arise from NoC protocol violations perpetrated by erroneous or malicious IP.

show abstract

Policy-Driven Memory Protection for Reconfigurable Hardware

Cited by 24 publications

References 32 publications

Automation for creating and configuring security manifests for hardware containers

Automation for creating and configuring security manifests for hardware containers

Security Primitives for Reconfigurable Hardware-Based Systems

Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware

Contact Info

Product

Resources

About