基于网络的多核加速器的动态空间隔离安全区域

2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC) Pub Date : 2016-06-27 DOI:10.1109/ReCoSoC.2016.7533900

M. M. Real, P. Wehner, Vincent Migliore, Vianney Lapôtre, D. Göhringer, G. Gogniat

{"title":"基于网络的多核加速器的动态空间隔离安全区域","authors":"M. M. Real, P. Wehner, Vincent Migliore, Vianney Lapôtre, D. Göhringer, G. Gogniat","doi":"10.1109/ReCoSoC.2016.7533900","DOIUrl":null,"url":null,"abstract":"Many-core architectures are becoming a major execution platform in order to face the increasing number of applications executed in parallel. While these architectures provide massive parallelism and high performance to the users, they also introduce key challenges in terms of security. Indeed, in order to leverage performance, a great number of applications running in parallel may share resources. A malicious application may compromise other applications sharing common resources or the whole system by directly accessing, deducing or retrieving sensitive data. This work focuses on a many-core accelerator architecture extended with mechanisms allowing the logical and spatial isolation of sensitive applications through the dynamic creation of secure zones. Each sensitive application is executed within a secure zone avoiding any resource sharing with other potentially malicious applications, preventing denial of services within the secure zones as well as confidentiality and integrity attacks. A set of services guarantying the dynamic creation and handling of spatially isolated secure zones in a many-core accelerator architecture is proposed. These services are integrated into a software controller on a many-core accelerator architecture and evaluated through virtual prototyping.","PeriodicalId":248789,"journal":{"name":"2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Dynamic spatially isolated secure zones for NoC-based many-core accelerators\",\"authors\":\"M. M. Real, P. Wehner, Vincent Migliore, Vianney Lapôtre, D. Göhringer, G. Gogniat\",\"doi\":\"10.1109/ReCoSoC.2016.7533900\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many-core architectures are becoming a major execution platform in order to face the increasing number of applications executed in parallel. While these architectures provide massive parallelism and high performance to the users, they also introduce key challenges in terms of security. Indeed, in order to leverage performance, a great number of applications running in parallel may share resources. A malicious application may compromise other applications sharing common resources or the whole system by directly accessing, deducing or retrieving sensitive data. This work focuses on a many-core accelerator architecture extended with mechanisms allowing the logical and spatial isolation of sensitive applications through the dynamic creation of secure zones. Each sensitive application is executed within a secure zone avoiding any resource sharing with other potentially malicious applications, preventing denial of services within the secure zones as well as confidentiality and integrity attacks. A set of services guarantying the dynamic creation and handling of spatially isolated secure zones in a many-core accelerator architecture is proposed. These services are integrated into a software controller on a many-core accelerator architecture and evaluated through virtual prototyping.\",\"PeriodicalId\":248789,\"journal\":{\"name\":\"2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC)\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ReCoSoC.2016.7533900\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ReCoSoC.2016.7533900","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

为了应对并行执行的应用程序数量的增加，多核体系结构正在成为主要的执行平台。虽然这些体系结构为用户提供了大量并行性和高性能，但它们也带来了安全性方面的关键挑战。实际上，为了利用性能，大量并行运行的应用程序可能会共享资源。恶意应用程序通过直接访问、推断或检索敏感数据，可能危及共享公共资源的其他应用程序，甚至危及整个系统。这项工作的重点是多核加速器架构，该架构扩展了允许通过动态创建安全区对敏感应用程序进行逻辑和空间隔离的机制。每个敏感应用程序都在安全区域内执行，避免与其他潜在的恶意应用程序共享任何资源，防止安全区域内的拒绝服务以及机密性和完整性攻击。在多核加速器体系结构中，提出了一套保证动态创建和处理空间隔离安全区域的服务。这些服务被集成到多核加速器架构上的软件控制器中，并通过虚拟原型进行评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Dynamic spatially isolated secure zones for NoC-based many-core accelerators

Many-core architectures are becoming a major execution platform in order to face the increasing number of applications executed in parallel. While these architectures provide massive parallelism and high performance to the users, they also introduce key challenges in terms of security. Indeed, in order to leverage performance, a great number of applications running in parallel may share resources. A malicious application may compromise other applications sharing common resources or the whole system by directly accessing, deducing or retrieving sensitive data. This work focuses on a many-core accelerator architecture extended with mechanisms allowing the logical and spatial isolation of sensitive applications through the dynamic creation of secure zones. Each sensitive application is executed within a secure zone avoiding any resource sharing with other potentially malicious applications, preventing denial of services within the secure zones as well as confidentiality and integrity attacks. A set of services guarantying the dynamic creation and handling of spatially isolated secure zones in a many-core accelerator architecture is proposed. These services are integrated into a software controller on a many-core accelerator architecture and evaluated through virtual prototyping.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 11th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC)

自引率

0.00%

发文量