通过硬件监视器在嵌入式系统中支持安全计算和通信的语言语义

IF 2.2 3区工程技术 Q3 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Integration-The Vlsi Journal Pub Date : 2025-02-01 DOI:10.1016/j.vlsi.2025.102367

Garett Cunningham , Siqin Liu , Harsha Chenji , David Juedes , Avinash Karanth

{"title":"通过硬件监视器在嵌入式系统中支持安全计算和通信的语言语义","authors":"Garett Cunningham , Siqin Liu , Harsha Chenji , David Juedes , Avinash Karanth","doi":"10.1016/j.vlsi.2025.102367","DOIUrl":null,"url":null,"abstract":"<div><div>As embedded systems with manycores and Network-on-Chips (NoCs) become ubiquitous, emerging hardware and software vulnerabilities have made it challenging to ensure system integrity especially when third-party intellectual property (IP) is used for rapid prototyping. Prior works have evaluated hardware monitors for ensuring correctness of the system by threat assessment and effective mitigation. However, none have evaluated models that combine both computation (processor pipeline) and communication (NoC) vulnerabilities simultaneously. In this paper, we propose a high-level policy language called d-GUARD that is used to define runtime security policies that can be compiled into hardware monitors. The advantage of this new language is the ability to dynamically change policies based on program’s runtime behavior. To translate high-level policies into low-level hardware monitors, we describe a compiler for d-GUARD that synthesizes policies into Verilog modules. Instead of simply evaluating the design of secure policies for processor pipelines, we extend to secure NoC microarchitectures, including policies for links and routers, as well as policies to prevent Denial-of-Service (DoS) attacks. To mitigate attacks against secure microarchitectures, we also propose fault-tolerant routing approaches to avoid rogue routers when the number of policy violations exceeds a certain threshold. Our secure policies for processor pipelines and NoC microarchitectures consume marginal area and power overhead when compared to baseline making it well suited for low-cost embedded systems.</div></div>","PeriodicalId":54973,"journal":{"name":"Integration-The Vlsi Journal","volume":"102 ","pages":"Article 102367"},"PeriodicalIF":2.2000,"publicationDate":"2025-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Language semantics to support secure computation and communication in embedded systems via hardware monitors\",\"authors\":\"Garett Cunningham , Siqin Liu , Harsha Chenji , David Juedes , Avinash Karanth\",\"doi\":\"10.1016/j.vlsi.2025.102367\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>As embedded systems with manycores and Network-on-Chips (NoCs) become ubiquitous, emerging hardware and software vulnerabilities have made it challenging to ensure system integrity especially when third-party intellectual property (IP) is used for rapid prototyping. Prior works have evaluated hardware monitors for ensuring correctness of the system by threat assessment and effective mitigation. However, none have evaluated models that combine both computation (processor pipeline) and communication (NoC) vulnerabilities simultaneously. In this paper, we propose a high-level policy language called d-GUARD that is used to define runtime security policies that can be compiled into hardware monitors. The advantage of this new language is the ability to dynamically change policies based on program’s runtime behavior. To translate high-level policies into low-level hardware monitors, we describe a compiler for d-GUARD that synthesizes policies into Verilog modules. Instead of simply evaluating the design of secure policies for processor pipelines, we extend to secure NoC microarchitectures, including policies for links and routers, as well as policies to prevent Denial-of-Service (DoS) attacks. To mitigate attacks against secure microarchitectures, we also propose fault-tolerant routing approaches to avoid rogue routers when the number of policy violations exceeds a certain threshold. Our secure policies for processor pipelines and NoC microarchitectures consume marginal area and power overhead when compared to baseline making it well suited for low-cost embedded systems.</div></div>\",\"PeriodicalId\":54973,\"journal\":{\"name\":\"Integration-The Vlsi Journal\",\"volume\":\"102 \",\"pages\":\"Article 102367\"},\"PeriodicalIF\":2.2000,\"publicationDate\":\"2025-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Integration-The Vlsi Journal\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167926025000240\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Integration-The Vlsi Journal","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167926025000240","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

随着多核嵌入式系统和片上网络（noc）的普及，新出现的硬件和软件漏洞给确保系统完整性带来了挑战，尤其是在使用第三方知识产权（IP）进行快速原型设计时。先前的工作评估了硬件监视器，以确保通过威胁评估和有效缓解系统的正确性。然而，没有人评估同时结合计算（处理器管道）和通信（NoC）漏洞的模型。在本文中，我们提出了一种称为d-GUARD的高级策略语言，用于定义可编译成硬件监视器的运行时安全策略。这种新语言的优点是能够根据程序的运行时行为动态更改策略。为了将高级策略转换为低级硬件监视器，我们描述了d-GUARD的编译器，该编译器将策略合成为Verilog模块。我们不是简单地评估处理器管道的安全策略设计，而是扩展到安全NoC微架构，包括链路和路由器的策略，以及防止拒绝服务（DoS）攻击的策略。为了减轻对安全微架构的攻击，我们还提出了容错路由方法，以避免在策略违反数量超过一定阈值时出现流氓路由器。与基线相比，我们的处理器管道和NoC微架构的安全策略消耗了边际面积和功耗开销，使其非常适合低成本嵌入式系统。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Language semantics to support secure computation and communication in embedded systems via hardware monitors

As embedded systems with manycores and Network-on-Chips (NoCs) become ubiquitous, emerging hardware and software vulnerabilities have made it challenging to ensure system integrity especially when third-party intellectual property (IP) is used for rapid prototyping. Prior works have evaluated hardware monitors for ensuring correctness of the system by threat assessment and effective mitigation. However, none have evaluated models that combine both computation (processor pipeline) and communication (NoC) vulnerabilities simultaneously. In this paper, we propose a high-level policy language called d-GUARD that is used to define runtime security policies that can be compiled into hardware monitors. The advantage of this new language is the ability to dynamically change policies based on program’s runtime behavior. To translate high-level policies into low-level hardware monitors, we describe a compiler for d-GUARD that synthesizes policies into Verilog modules. Instead of simply evaluating the design of secure policies for processor pipelines, we extend to secure NoC microarchitectures, including policies for links and routers, as well as policies to prevent Denial-of-Service (DoS) attacks. To mitigate attacks against secure microarchitectures, we also propose fault-tolerant routing approaches to avoid rogue routers when the number of policy violations exceeds a certain threshold. Our secure policies for processor pipelines and NoC microarchitectures consume marginal area and power overhead when compared to baseline making it well suited for low-cost embedded systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Integration-The Vlsi Journal 工程技术-工程：电子与电气

CiteScore

3.80

自引率

5.30%

发文量

107

审稿时长

6 months

期刊介绍： Integration''s aim is to cover every aspect of the VLSI area, with an emphasis on cross-fertilization between various fields of science, and the design, verification, test and applications of integrated circuits and systems, as well as closely related topics in process and device technologies. Individual issues will feature peer-reviewed tutorials and articles as well as reviews of recent publications. The intended coverage of the journal can be assessed by examining the following (non-exclusive) list of topics: Specification methods and languages; Analog/Digital Integrated Circuits and Systems; VLSI architectures; Algorithms, methods and tools for modeling, simulation, synthesis and verification of integrated circuits and systems of any complexity; Embedded systems; High-level synthesis for VLSI systems; Logic synthesis and finite automata; Testing, design-for-test and test generation algorithms; Physical design; Formal verification; Algorithms implemented in VLSI systems; Systems engineering; Heterogeneous systems.