SECA: security-enhanced communication architecture

Authors:
Joel Coburn;Srivaths Ravi;Anand Raghunathan;Srimat Chakradhar
Affiliations:
NEC Laboratories America, Princeton, NJ;NEC Laboratories America, Princeton, NJ;NEC Laboratories America, Princeton, NJ;NEC Laboratories America, Princeton, NJ
Venue:
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Year:
2005

Citing 10
Cited 14

State Transition Analysis: A Rule-Based Intrusion Detection Approach

IEEE Transactions on Software Engineering
Cryptography and network security (2nd ed.): principles and practice

Cryptography and network security (2nd ed.): principles and practice
Applied operating system concepts

Applied operating system concepts
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Architectural support for copy and tamper resistant software

ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Writing Secure Code

Writing Secure Code
Mondrian memory protection

Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
AEGIS: architecture for tamper-evident and tamper-resistant processing

ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Performance Considerations for an Embedded Implementation of OMA DRM 2

Proceedings of the conference on Design, Automation and Test in Europe - Volume 3
MiBench: A free, commercially representative embedded benchmark suite

WWC '01 Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop

On-Chip Communication Architectures: System on Chip Interconnect

On-Chip Communication Architectures: System on Chip Interconnect
NOC-centric Security of Reconfigurable SoC

NOCS '07 Proceedings of the First International Symposium on Networks-on-Chip
A data protection unit for NoC-based architectures

CODES+ISSS '07 Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis
Dynamic security domain scaling on embedded symmetric multiprocessors

ACM Transactions on Design Automation of Electronic Systems (TODAES)
Security Primitives for Reconfigurable Hardware-Based Systems

ACM Transactions on Reconfigurable Technology and Systems (TRETS)
PoliMakE: a policy making engine for secure embedded software execution on chip-multiprocessors

WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
CUFFS: an instruction count based architectural framework for security of MPSoCs

Proceedings of the Conference on Design, Automation and Test in Europe
SPMVisor: dynamic scratchpad memory virtualization for secure, low power, and high performance distributed on-chip memories

CODES+ISSS '11 Proceedings of the seventh IEEE/ACM/IFIP international conference on Hardware/software codesign and system synthesis
DynaPoMP: dynamic policy-driven memory protection for SPM-based embedded systems

WESS '11 Proceedings of the Workshop on Embedded Systems Security
Enhancing the security of time-division-multiplexing networks-on-chip through the use of multipath routing

Proceedings of the 4th International Workshop on Network on Chip Architectures
A denial-of-service resilient wireless NoC architecture

Proceedings of the great lakes symposium on VLSI
INVISIOS: A Lightweight, Minimally Intrusive Secure Execution Environment

ACM Transactions on Embedded Computing Systems (TECS)
Architectures of flexible symmetric key crypto engines—a survey: From hardware coprocessor to multi-crypto-processor system on chip

ACM Computing Surveys (CSUR)
Towards attacks on restricted memory areas through co-processors in embedded multi-OS environments via malicious firmware injection

Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, we propose and investigate the idea of enhancing a System-on-Chip (SoC) communication architecture (the fabric that integrates system components and carries the communication traffic between them) to facilitate higher security. We observe that a wide range of common security attacks are manifested as abnormalities in the system-level communication traffic. Therefore, the communication architecture, with its global system-level visibility, can be used to detect them. The communication architecture can also effectively react to security attacks by disallowing the offending communication transactions, or by notifying appropriate components of a security violation. We describe the general principles involved in a security-enhanced communication architecture (SECA) and show how several security objectives can be encoded in terms of policies that govern the inter-component communication traffic. We detail the implementation of SECA in the context of a popular commercial on-chip bus architecture (the AMBA architecture from ARM) through a combination of a centralized security enforcement module, and enhancements to the bus interfaces of system components. We illustrate how SECA can be used to enhance embedded system security in several application scenarios. A simple instance of SECA has been implemented in a commercial application processor SoC for mobile phones. We provide results of experiments performed to validate the proposed concepts through system-level simulation, and evaluate their overheads through hardware implementation using a commercial design flow.