The work with title Security in MPSoCs: a NoC firewall and an evaluation framework by Grammatikakis Miltos D., Papadimitriou Kyprianos, Petrakis Polydoros, Papagrigoriou Antonis, Kornaros Georgios, Christoforakis Ioannis, Tomoutzoglou Othon, Tsamis George, Coppola Marcello is licensed under Creative Commons Attribution 4.0 International
Bibliographic Citation
M.D. Grammatikakis, K. Papadimitriou, P. Petrakis, A. Papagrigoriou, G. Kornaros, I. Christoforakis, O. Tomoutzoglou, G. Tsamis and M. Coppola, "Security in MPSoCs: A NoC Firewall and an Evaluation Framework", IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), special issue on Hardware Security and Trust, vol. 34, no. 8, pp. 1344-1357, Aug. 2015.
In multiprocessor system-on-chip (MPSoC), a CPU can access physical resources, such as on-chip memory or I/O devices. Along with normal requests, malevolent ones, generated by malicious processes running in one or more CPUs, could occur. A protection mechanism is therefore required to prevent injection of malicious instructions or data across the system. We propose a self-contained Network-on-Chip (NoC) firewall at the network interface (NI) layer which, by checking the physical address against a set of rules, rejects untrusted CPU requests to the on-chip memory, thus protecting all legitimate processes running in a multicore SoC. To sustain high performance, we implement the firewall in hardware, with rule-checking performed at segment-level based on deny rules. Furthermore, to evaluate its impact, we develop a novel framework on top of gem5 simulation environment, coupling ARM technology and an instance of a commercial point-to-point interconnect from STMicroelectronics (STNoC). Simulation tests include scenarios in which legitimate and malicious processes, running in different CPUs, request access to shared memory. Our results indicate that a firewall implementation at the NI can have a positive effect on network performance by reducing both end-to-end network delay and power consumption. We also show that our coarse-grain firewall can prevent saturation of the on-chip network and performs better than fine-grain alternatives that perform rule checking at page-level. Simulation results are accompanied with field measurements performed on a Zedboard platform running Linux, whereas the NoC Firewall is implemented as a reconfigurable, memory-mapped device on top of AMBA AXI4 interconnect fabric.