Toward Hardware-Based IP Vulnerability Detection and Post-Deployment Patching in Systems-on-Chip

Tan, Benjamin; Elnaggar, Rana; Fung, Jason M.; Karri, Ramesh; Chakrabarty, Krishnendu

doi:10.1109/tcad.2020.3019772

Cited by 15 publications

(13 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this way, shared software and hardware resources and information can be provided to computers and other devices on demand. The needs of a large number of users can be met [ 16 , 17 ]. Tan et al [ 17 ] use virtualization mode to improve processing efficiency.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

Computer Security Issues and Legal System Based on Cloud Computing

Li¹

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

To effectively improve the security and accuracy of computer information storage, a computer security problem and legal system based on cloud computing are proposed. Firstly, this article details the evolution of cloud computing, its characteristics, architecture, and application status of cloud computing in detail. Second, we discussed security strategies to ensure the confidentiality and integrity of cloud computing information, focuses on the data encryption technology of cloud data security, and designs and implements the data backup and recovery system based on the cloud platform. The core layers of the system are the system layer and data operation layer. The system uses multithreading technology based on epoll and thread pool to improve the efficiency of data transmission. At the same time, the basic visual page is realized, and users can use the page to create a convenient operating system. Finally, the system is built in the laboratory environment and tested as a whole. The test results show that through the performance comparison with the current commonly used systems, it is found that the system in this paper has a certain improvement in data transmission rate, but the utilization rate of node CPU is as high as 40%, which leads to certain requirements for node CPU performance. Therefore, the system meets the functional requirements proposed in the design. Compared to the existing system, its performance has been found to meet the actual requirements of use, proving that the system is accessible and efficient.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

“…The needs of a large number of users can be met [ 16 , 17 ]. Tan et al [ 17 ] use virtualization mode to improve processing efficiency. Users can use cloud computing through the network, and each request is distributed to multiple servers [ 18 ].…”

Section: Literature Reviewmentioning

confidence: 99%

Computer Security Issues and Legal System Based on Cloud Computing

Li¹

2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…Dessouky et al [6] constructed a testbed for software-exploitable register-transfer level bugs to analyse the effectiveness of the latest security verification methods and identify the specific classes of vulnerabilities that these methods fail to detect. Tan et al [7] proposed monitoring and mitigation patch blocks to provide a defence against intellectual property (IP) centric security issues, focussing on situations where a system integrator only has interface-level visibility of the third-party IP designs. Zhu et al [8] proposed an approach as well as a secure architecture that monitors the central processing unit (CPU) at run-time from outside of the CPU chip.…”

Section: Related Studiesmentioning

confidence: 99%

“…Tan et al. [7] proposed monitoring and mitigation patch blocks to provide a defence against intellectual property (IP) centric security issues, focussing on situations where a system integrator only has interface‐level visibility of the third‐party IP designs. Zhu et al.…”

Section: Related Studiesmentioning

confidence: 99%

IMSC: Instruction set architecture monitor and secure cache for protecting processor systems from undocumented instructions

Wang

Liu

Jiang

2022

IET Information Security

View full text Add to dashboard Cite

A secure processor requires that no secret, undocumented instructions be executed. Unfortunately, as today's processor design and supply chain are increasingly complex, undocumented instructions that can execute some specific functions can still be secretly introduced into the processor system as flaws or vulnerabilities. To address this problem that may cause potentially serious security breaches, the instruction set architecture (ISA) monitor and secure cache (IMSC) is proposed. As a lightweight solution, IMSC employs an ISA monitor to discover and correct any potential threats imposed by undocumented instructions, and it relies on a secure cache to ensure the credibility of the system. The authors’ case studies have confirmed that IMSC can effectively protect a processor system from being exploited by undocumented instructions and thus provide a trustworthy computing environment, all at low hardware and run‐time costs.

show abstract

“…A brief discussion of prevention techniques are provided without providing any specific solution. Siddiqui et al [7] and Tan et al [24] proposed two solutions for the implementation of distributed and decentralized systems aiming to detect anomalous conditions generated by hardware modules. While these solutions can help mitigating misbehaving conditions generated by the hardware module, they are not intended for the implementation of dynamic access control systems.…”

Section: B Pulp Soc Experimentsmentioning

confidence: 99%

AKER: A Design and Verification Framework for Safe andSecure SoC Access Control

Restuccia¹,

Meza²,

Kastner³

2021

Preprint

View full text Add to dashboard Cite

Modern systems on a chip (SoCs) utilize heterogeneous architectures where multiple IP cores have concurrent access to on-chip shared resources. In security-critical applications, IP cores have different privilege levels for accessing shared resources, which must be regulated by an access control system. AKER is a design and verification framework for SoC access control. AKER builds upon the Access Control Wrapper (ACW) -a high performance and easy-to-integrate hardware module that dynamically manages access to shared resources. To build an SoC access control system, AKER distributes the ACWs throughout the SoC, wrapping controller IP cores, and configuring the ACWs to perform local access control. To ensure the access control system is functioning correctly and securely, AKER provides a property-driven security verification using MITRE common weakness enumerations. AKER verifies the SoC access control at the IP level to ensure the absence of bugs in the functionalities of the ACW module, at the firmware level to confirm the secure operation of the ACW when integrated with a hardware root-of-trust (HRoT), and at the system level to evaluate security threats due to the interactions among shared resources. The performance, resource usage, and security of access control systems implemented through AKER is experimentally evaluated on a Xilinx UltraScale+ programmable SoC, it is integrated with the OpenTitan hardware root-of-trust, and it is used to design an access control system for the OpenPULP multicore architecture.

show abstract

Toward Hardware-Based IP Vulnerability Detection and Post-Deployment Patching in Systems-on-Chip

Cited by 15 publications

References 27 publications

Computer Security Issues and Legal System Based on Cloud Computing

Computer Security Issues and Legal System Based on Cloud Computing

IMSC: Instruction set architecture monitor and secure cache for protecting processor systems from undocumented instructions

AKER: A Design and Verification Framework for Safe andSecure SoC Access Control

Contact Info

Product

Resources

About