Language semantics to support secure computation and communication in embedded systems via hardware monitors

IF 2.2 3区工程技术 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Integration-The Vlsi Journal Pub Date : 2025-02-01 DOI:10.1016/j.vlsi.2025.102367

Garett Cunningham , Siqin Liu , Harsha Chenji , David Juedes , Avinash Karanth

{"title":"Language semantics to support secure computation and communication in embedded systems via hardware monitors","authors":"Garett Cunningham , Siqin Liu , Harsha Chenji , David Juedes , Avinash Karanth","doi":"10.1016/j.vlsi.2025.102367","DOIUrl":null,"url":null,"abstract":"<div><div>As embedded systems with manycores and Network-on-Chips (NoCs) become ubiquitous, emerging hardware and software vulnerabilities have made it challenging to ensure system integrity especially when third-party intellectual property (IP) is used for rapid prototyping. Prior works have evaluated hardware monitors for ensuring correctness of the system by threat assessment and effective mitigation. However, none have evaluated models that combine both computation (processor pipeline) and communication (NoC) vulnerabilities simultaneously. In this paper, we propose a high-level policy language called d-GUARD that is used to define runtime security policies that can be compiled into hardware monitors. The advantage of this new language is the ability to dynamically change policies based on program’s runtime behavior. To translate high-level policies into low-level hardware monitors, we describe a compiler for d-GUARD that synthesizes policies into Verilog modules. Instead of simply evaluating the design of secure policies for processor pipelines, we extend to secure NoC microarchitectures, including policies for links and routers, as well as policies to prevent Denial-of-Service (DoS) attacks. To mitigate attacks against secure microarchitectures, we also propose fault-tolerant routing approaches to avoid rogue routers when the number of policy violations exceeds a certain threshold. Our secure policies for processor pipelines and NoC microarchitectures consume marginal area and power overhead when compared to baseline making it well suited for low-cost embedded systems.</div></div>","PeriodicalId":54973,"journal":{"name":"Integration-The Vlsi Journal","volume":"102 ","pages":"Article 102367"},"PeriodicalIF":2.2000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integration-The Vlsi Journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167926025000240","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

As embedded systems with manycores and Network-on-Chips (NoCs) become ubiquitous, emerging hardware and software vulnerabilities have made it challenging to ensure system integrity especially when third-party intellectual property (IP) is used for rapid prototyping. Prior works have evaluated hardware monitors for ensuring correctness of the system by threat assessment and effective mitigation. However, none have evaluated models that combine both computation (processor pipeline) and communication (NoC) vulnerabilities simultaneously. In this paper, we propose a high-level policy language called d-GUARD that is used to define runtime security policies that can be compiled into hardware monitors. The advantage of this new language is the ability to dynamically change policies based on program’s runtime behavior. To translate high-level policies into low-level hardware monitors, we describe a compiler for d-GUARD that synthesizes policies into Verilog modules. Instead of simply evaluating the design of secure policies for processor pipelines, we extend to secure NoC microarchitectures, including policies for links and routers, as well as policies to prevent Denial-of-Service (DoS) attacks. To mitigate attacks against secure microarchitectures, we also propose fault-tolerant routing approaches to avoid rogue routers when the number of policy violations exceeds a certain threshold. Our secure policies for processor pipelines and NoC microarchitectures consume marginal area and power overhead when compared to baseline making it well suited for low-cost embedded systems.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

Integration-The Vlsi Journal 工程技术-工程：电子与电气

CiteScore

3.80

自引率

5.30%

发文量

107

审稿时长

6 months

期刊介绍： Integration''s aim is to cover every aspect of the VLSI area, with an emphasis on cross-fertilization between various fields of science, and the design, verification, test and applications of integrated circuits and systems, as well as closely related topics in process and device technologies. Individual issues will feature peer-reviewed tutorials and articles as well as reviews of recent publications. The intended coverage of the journal can be assessed by examining the following (non-exclusive) list of topics: Specification methods and languages; Analog/Digital Integrated Circuits and Systems; VLSI architectures; Algorithms, methods and tools for modeling, simulation, synthesis and verification of integrated circuits and systems of any complexity; Embedded systems; High-level synthesis for VLSI systems; Logic synthesis and finite automata; Testing, design-for-test and test generation algorithms; Physical design; Formal verification; Algorithms implemented in VLSI systems; Systems engineering; Heterogeneous systems.