Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.


1 Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy

2 Disclaimer The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

3 Lecture 2 Overview Reconfigurable Security Reconfigurable hardware is widely used due to growing non-recurring engineering (NRE) cost for ASICs

4 Field Programmable Gate Arrays Design of high-performance systems ASIC chips have been used traditionally Need something in between CPU and ASIC

5 Field Programmable Gate Arrays Raises interesting security questions Set of security primitives Examples of FPGA systems

6 Reconfigurable Hardware [Diagram labels: FPGA Chip, SDRAM (off-chip), DRAM, Reference Monitor, Crypto Core, CPU Core, AES, μP]

7 Tradeoffs
    – Software vs. Hardware
    – ASIC performance comes at a high NRE cost
    – Design, Verification
    – Fabrication, Packaging, Test
    – Security
    [Diagram labels: CPU, ASIC, FPGA; General-Purpose, Application-Specific]

8 Motivation
    – Ideal: Performance approaching ASIC, cost approaching CPU
    – Problem: Embedded systems designers need security primitives
    – Opportunities:
        – Spatial mapping of apps to device
        – Build primitives in reconfigurable hardware

9 Outline
    – Motivation and Background
    – Security Primitives for FPGAs
        – Logical isolation
        – Interconnect tracing
        – Secure communication architecture
        – Configuration scrubbing

10 Motivation and Background Security Primitives for FPGAs – Logical isolation – Interconnect tracing – Secure communication architecture – Configuration scrubbing

11 Protection on Embedded Systems [Diagram: two panels. Separation Kernels: DRAM, app1, app3, app2, kernel. Reconfigurable Protection: DRAM, app1, app2, app3, Reference Monitor. Other labels: Physical, Software, Spatial, Temporal]

12 FPGA Systems [Diagram labels: SDRAM (off-chip), DRAM, FPGA chip, μP, SRAM Block, BRAM, FPGA Fabric]

13 FPGA Applications [Diagram labels: Mem, FPGA, App1, App2]

14 FPGA Fabric
    [Diagram labels: Switchbox, CLB]
    A  B  Out
    0  0  0
    0  1  0
    1  0  0
    1  1  1

15 Mixed Trust Cores Multiple cores on one chip Cores are provided by third parties Sophisticated software tools developed by third parties

16 Mixed Trust Cores Entanglement

17 Mixed Trust Tool Chains

18 Logical Isolation Motivation Security Primitives for FPGAs – Logical isolation – Interconnect tracing – Secure communication architecture – Configuration scrubbing

19 Moats
    – Goal: Physical isolation of cores
    – Opportunity: Divide computation spatially
    – Exploit spatial nature of FPGAs to provide isolation

20 Moats [Diagram labels: FPGA Chip, SDRAM (off-chip), DRAM, Reference Monitor, Crypto Core, CPU Core, AES]

21 Moats

22 Methodology Tradeoff between area and performance Use VPR to synthesize 20 largest MCNC benchmark circuits on different routing configurations

23 Effective Utilization
    A: Dead areas for moats (depends on # cores)
    B: Inflation due to restricted routing (~10%)
    C: Useful logic with no inflation (unrestricted routing)
    $U_{\mathrm{Eff}} = C / (A + B + C)$
    [Figure label: 100%]

24 Moat Tradeoffs [Figure: three panels labelled Moat Size = 2, Moat Size = 1 and Moat Size = 6, each divided into Dead Space, Inflation and Useful Logic]

25 Effective Utilization

26 Interconnect Tracing Motivation Security Primitives for FPGAs – Logical isolation – Interconnect tracing – Secure communication architecture – Configuration scrubbing

27 Drawbridges
    – Goal: Ensure that only specified communication is established between cores
    – Opportunity: Spatial isolation
    – Specify legal connections
    – Statically verify these connections

28 Interconnect Tracing [Diagram labels: FPGA Chip, SDRAM (off-chip), DRAM, Reference Monitor, Crypto Core, CPU Core, AES, μP; two X marks]

29 Jbits Interface
    – Jbits is a Java software interface from Xilinx
    – It provides abstract methods for
        – Reading bitstreams
        – Modifying bitstreams
        – Creating bitstreams
    – Allows us to obtain the information we need to trace the routes from the actual bitstream

30 How Route Tracer Works
    Initialization
    – Parse input file to get all modules, pins, and connections
    – Obtain list of search pins for incoming and outgoing connections
    – Trace all connections from input pins
    – Trace all connections leaving modules
    – Reverse trace to ensure that there are no invalid connections entering the modules

31 Route Tracing Algorithm
    RouteTree trace(pin, module) {
      add pin to routeTree
      for all sinks of wire this pin is on {
        if sink is connected to pin
          if sink has already been searched
            return
          if sink is in another module
            check if connection is valid
            return
          add sink to list of searched pins
          trace(sink, module)
      }
    }

32 Route Tracing [Figure: grid of SM and CLB blocks]

33 Example Input file
    # denotes a comment
    # first declare the device type
    #D device
    D XC2V6000 FF1517
    #N modules pins connections
    N 4 5 12
    #M modulename xmin xmax
    # ymin ymax
    M MB1 11 35 57 80
    M MB2 11 35 13 35
    M MB3 54 78 57 80
    M MB4 54 78 13 35
    #P pinname in/out
    P B25 rst #Reset
    P C36 in #rs_232_rx_pin
    P J30 out #rs_232_tx_pin
    P C8 in #rs_232_rx2_pin
    P C9 out #rs_232_tx2_pin
    #C source destination width
    C B25 MB1 1
    C C36 MB1 1
    C MB1 J30 1
    C B25 MB2 1
    C MB1 MB2 32
    C MB2 MB1 32
    C B25 MB3 1
    C MB3 C9 1
    C C8 MB3 1
    C B25 MB4 1
    C MB4 MB3 32
    C MB3 MB4 32

34 Output from Route Tracer
    .
    Found Valid connection:MB1 to MB2
    CLB.S6BEG5[57][33]
    . [CLB.S6END5[51][33]]
    .. CLB.S6BEG5[51][33]
    ... [CLB.S6END5[45][33]]
    .... CLB.S6BEG3[45][33]
    ..... [CLB.S6END3[39][33]]
    ...... CLB.S2BEG3[39][33]
    ....... [CLB.S2END3[37][33]]
    ........ CLB.S2BEG1[37][33]
    ......... [CLB.S2END_S1[34][33]]
    Found Valid connection:MB3 to MB4
    CLB.OMUX0[58][58]
    . CLB.LV12[58][58]
    .. [CLB.LV18[28][58]]
    Found Valid connection:MB3 to C9
    .
    Design Successfully verified!
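The drawbridge check described on slides 30 to 34, written in Python as an added example; it is not the authors' JBits-based tracer. It assumes the tracer output indexes tiles as [row][col] with the row falling in the spec's ymin..ymax range, replaces the bitstream with a constructed routing graph, and performs the forward trace only (no reverse trace).

```python
# Abridged from the slide's example input file: M records plus two C records.
SPEC = """\
M MB1 11 35 57 80
M MB2 11 35 13 35
M MB3 54 78 57 80
M MB4 54 78 13 35
C MB1 MB2 32   # legal drawbridge
C MB2 MB1 32
"""

def parse_spec(text):
    """Return (modules, allowed) from M and C records; '#' starts a comment."""
    modules, allowed = {}, set()
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if f and f[0] == "M":
            modules[f[1]] = tuple(map(int, f[2:6]))  # xmin, xmax, ymin, ymax
        elif f and f[0] == "C":
            allowed.add((f[1], f[2]))
    return modules, allowed

def owner(modules, tile):
    """Name of the module whose box contains tile (row, col), else None."""
    row, col = tile  # assumption: row is the y coordinate, col is the x coordinate
    for name, (xmin, xmax, ymin, ymax) in modules.items():
        if xmin <= col <= xmax and ymin <= row <= ymax:
            return name
    return None

def trace(start, sinks, modules, allowed):
    """Walk every sink reachable from start; return (src, dst, tile, is_legal) crossings."""
    src = owner(modules, start)
    seen, stack, crossings = {start}, [start], []
    while stack:
        for sink in sinks.get(stack.pop(), ()):
            if sink not in seen:
                seen.add(sink)
                dst = owner(modules, sink)
                if dst in (None, src):
                    stack.append(sink)  # still inside src or in the moat: keep tracing
                else:                   # entered another module: judge it, stop there
                    crossings.append((src, dst, sink, (src, dst) in allowed))
    return crossings

# Constructed graph (tile -> sinks): first chain mirrors the slide's MB1-to-MB2 hops,
# the branch through (60, 35) is a made-up rogue wire into MB3.
SINKS = {(57, 33): [(51, 33), (60, 35)], (51, 33): [(45, 33)], (45, 33): [(39, 33)],
         (39, 33): [(37, 33)], (37, 33): [(34, 33)], (60, 35): [(60, 45)],
         (60, 45): [(60, 54)]}
CROSSINGS = trace((57, 33), SINKS, *parse_spec(SPEC))
```

A design passes only if every entry in `CROSSINGS` has `is_legal` set; here the MB1-to-MB3 wire is reported as illegal because no `C MB1 MB3` record exists.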

35 Partial Reconfiguration Route Tracing [Figure: grid of SM and CLB blocks; labels: This is our partially reconfigurable area, Input Pin, Output Pin]

36 Moats 1.0 Example four-core design, moat size = 2

37 Moats 2.0 Subset of connections that must be traced

38 Secure Communication Architecture Motivation Security Primitives for FPGAs – Logical isolation – Interconnect tracing – Secure communication architecture – Configuration scrubbing

39 Secure Communication Architecture
    – Goal: Secure communication between cores on shared bus
    – Opportunity: Programmability of FPGAs
    – Shared memory bus with time division access

40 Communication Architecture [Diagram labels: M1, M2, M3, ..., Mn; Arbiter; BRAM Block]

41 Communication Architecture [Diagram labels: FPGA Chip, SDRAM (off-chip), DRAM, Arbiter/Reference Monitor, Crypto Core, CPU Core, AES, μP]

42 Configuration Scrubbing Motivation Security Primitives for FPGAs – Logical isolation – Interconnect tracing – Secure communication architecture – Configuration scrubbing

43 Configuration Scrubbing
    – Goal: Allow FPGA to change its configuration securely at run-time
    – Opportunity: Use partial reconfiguration to properly erase prior core's logic
    – Use ICAP interface with an embedded core
    – Bitstream decryption is prohibited when using partial reconfiguration

44 Scrubbing Example [Diagram labels: FPGA Chip, SDRAM (off-chip), DRAM, CPU Core, μP, AES, Crypto Core]

45 Lecture 2 Reading
    – [Conference Version] Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4223233
    – [Journal Version] Security Primitives for Reconfigurable Hardware-Based Systems: http://dl.acm.org/citation.cfm?id=1754391

46 Lecture 2 Reading: Reconfigurable Hardware Security
    – Trusted Design in FPGAs: http://dl.acm.org/citation.cfm?id=1278483
    – Security on FPGAs: State-of-the-Art Implementations and Attacks: http://dl.acm.org/citation.cfm?id=1015052
    – Security for Volatile FPGAs: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-763.pdf

47 Lecture 2 Reading: Reconfigurable Hardware Security
    – Reconfigurable Computing: The Theory and Practice of FPGA-Based Computing: http://store.elsevier.com/Reconfigurable-Computing/Scott-Hauck/isbn-9780123705228/
    – FPGA-Based Single Chip Cryptographic Solution: http://mil-embedded.com/pdfs/NSA.Mar07.pdf and http://www.xilinx.com/applications/security/index.htm
    – Of Gates and Wires: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=1303100

48 Lecture 2 Reading
    – Handbook of FPGA Design Security: http://springer.com/978-90-481-9156-7
    – Security Trends for FPGAs: http://springer.com/978-94-007-1337-6

