Toward on hardware firewalling of networks-on-chip based systems

Achballah, Ahmed Ben; Othman, Slim Ben; Saoud, Slim Ben

doi:10.1109/aset.2017.7983658

Cited by 8 publications

(8 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When the distributed firewall is adopted, bandwidth is better utilized because packets will be rejected at the initiators before reaching the target NI. The firewalls could also be placed between the routers [94]. Security wrappers have been employed instead of firewalls in secure zones.…”

Section: E Access Authorizationmentioning

confidence: 99%

“…Achballah et al [94] proposed a firewall that is placed between the NoC routers and separates the secured and nonsecured zones on NoC. The firewall serves two purposes.…”

Section: [93]-mentioning

confidence: 99%

“…Firewall Location Firewall Type Fiorin et al [93] Initiator / Target Static Grammatikatis et al [91] Initiator Static Hu et al [95] Between Routers Static Achballah et al [94] Between Routers Static Kinsy et al [40] Target Static Fiorin et al [92] Initiator / Target Dynamic Cioranesco et al [90] Target Dynamic Fernandes et al [96] Initiator / Target Dynamic of tasks requiring secure communication. SZs are, in fact, network-level facilities to ease intra-group secure communications at the system/application level.…”

Section: Referencementioning

confidence: 99%

See 2 more Smart Citations

A Survey on the Security of Wired, Wireless, and 3D Network-on-Chips

et al. 2021

View full text Add to dashboard Cite

Network-on-Chips (NoCs) have been widely used as a scalable communication solution in the design of multiprocessor system-on-chips (MPSoCs). NoCs manage communications between on-chip Intellectual Property (IP) cores and allow processing cores to achieve higher performance by outsourcing their communication tasks. NoC paradigm is based on the idea of resource sharing where hardware resources, including buffers, communication links, routers, etc., are shared between all IPs of the MPSoC. In fact, the data being routed by each NoC router might not be related to the router's local core. Such a utilization-centric design approach can raise security issues in MPSoCs-based designs, e.g., integrity and confidentiality of the data being routed in an NoC might be compromised by unauthorized accesses/modifications of intermediate routers. Many papers in the literature have discovered and addressed security holes of NoCs, aiming at improving the security of the NoC paradigm. However, to the best of our knowledge, there is no solid survey study on the security vulnerabilities and countermeasures for NoCs. This paper will review security threats and countermeasures proposed so far for wired NoCs, wireless NoCs, and 3D NoCs. The paper aims at giving the readers an insight into the attacks and weaknesses/strengths of countermeasures.

show abstract

Section: E Access Authorizationmentioning

confidence: 99%

“…Achballah et al [94] proposed a firewall that is placed between the NoC routers and separates the secured and nonsecured zones on NoC. The firewall serves two purposes.…”

Section: [93]-mentioning

confidence: 99%

Section: Referencementioning

confidence: 99%

See 1 more Smart Citation

A Survey on the Security of Wired, Wireless, and 3D Network-on-Chips

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The concept of DoS in the NoC context was introduced in [7]. Subsequently, approaches with different mitigation strategies for these kinds of attacks have been proposed [7][8][9][10][11][12][13][14][15][16][17][18]. Such approaches can be categorized in two main classes: DoS Avoidance and DoS detection and recovery.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Although such a firewall does not allow the DoS attack to be effective, it was designed to protect the destination PE (i.e., the on-chip memory), thus it does not detect the source of the attach, nor does it kill the attack-related traffic congesting the network. In [18], Achballah et al target computation of occupation time of the physical links in number of clock cycles. The occupation time of the physical link is compared to an expected value.…”

Section: Dos Attack Detection and Recoverymentioning

confidence: 99%

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

Chaves

Azad

Hollstein

et al. 2019

JLPEA

View full text Add to dashboard Cite

Denial of Service (DoS) attacks are an increasing threat for Multiprocessor System-on-Chip (MPSoC) architectures. By exploiting the shared resources on the chip, an attacker is able to prevent completion or degrade the performance of a task. This is extremely dangerous for MPSoCs used in critical applications. The Network-on-Chip (NoC), as a central MPSoC infrastructure, is exposed to this attack. In order to maintain communication availability, NoCs should be enhanced with an effective and precise attack detection mechanism that allows the triggering of effective attack mitigation mechanisms. Previous research works demonstrate DoS attacks on NoCs and propose detection methods being implemented in NoC routers. These countermeasures typically led to a significantly increased router complexity and to a high degradation of the MPSoC’s performance. To this end, we present two contributions. First, we provide an analysis of information that helps to narrow down the location of the attacker in the MPSoC, achieving up to a 69% search space reduction for locating the attacker. Second, we propose a low cost mechanism for detecting the location and direction of the interference, by enhancing the communication packet structure and placing communication degradation monitors in the NoC routers. Our experiments show that our NoC router architecture detects single-source DoS attacks and determines, with high precision, the location and direction of the collision, while incurring a low area and power overhead.

show abstract

Lightweight Monitoring Scheme for Flooding DoS Attack Detection in Multi-Tenant MPSoCs

Chaves

Sepúlveda

Hollstein

2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

View full text Add to dashboard Cite

The increasing use of Multiprocessor Systems-on-Chip (MPSoCs) within scalable multi-tenant systems, such as fog/cloud computing, faces the challenge of potential attacks originated by the execution of malicious tasks. Flooding Denialof-Service (FDoS) attacks are one of the most common and powerful threats for Network-on-Chip (NoC)-based MPSoCs. Since, by overwhelming the NoC, the system is unable to forward legitimate traffic. However, the effectiveness of FDoS attacks depend on the NoC configuration. Moreover, designing a secure MPSoC capable of detecting such attacks while avoiding excessive power/energy and area costs is challenging. To this end, we present two contributions. First, we demonstrate two types of FDoS attacks: based on the packet injection rate (PIR-based FDoS) and based on the packet's payload length (PPL-based FDoS). We show that fair round-robin NoCs are intrinsically protected against PIR-based FDoS. Instead, PPL-based FDoS attacks represent a real threat to MPSoCs. Second, we propose a novel lightweight monitoring method for detecting communication disruptions. Simulation and synthesis results show the feasibility and efficiency of the presented approach.

show abstract

Toward on hardware firewalling of networks-on-chip based systems

Cited by 8 publications

References 9 publications

A Survey on the Security of Wired, Wireless, and 3D Network-on-Chips

A Survey on the Security of Wired, Wireless, and 3D Network-on-Chips

DoS Attack Detection and Path Collision Localization in NoC-Based MPSoC Architectures

Lightweight Monitoring Scheme for Flooding DoS Attack Detection in Multi-Tenant MPSoCs

Contact Info

Product

Resources

About