Security Primitives for Reconfigurable Hardware-Based Systems

Nguyen, Thuy; Irvine, Ynthia; Brotherton, Brett; Wang, Gang

Security Primitives for Reconfigurable Hardware-Based Systems

Active / Technical Report | Accession Number: ADA535074 |

Open PDF

Abstract:

Computing systems designed using reconfigurable hardware are increasingly composed using a number of different Intellectual Property IP cores, which are often provided by third-party vendors that may have different levels of trust. Unlike traditional software where hardware resources are mediated using an operating system, IP cores have fine-grain control over the underlying reconfigurable hardware. To address this problem, the embedded systems community requires novel security primitives that address the realities of modern reconfigurable hardware. In this work, we propose security primitives using ideas centered around the notion of moats and drawbridges. The primitives encompass four design properties logical isolation, interconnect traceability, secure reconfigurable broadcast, and configuration scrubbing. Each of these is a fundamental operation with easily understood formal properties, yet they map cleanly and efficiently to a wide variety of reconfigurable devices. We carefully quantify the required overheads of the security techniques on modern FPGA architectures across a number of different applications.

Author(s):

Huffmire, Ted ; Levin, Timothy ; Nguyen, Thuy ; Irvine, Ynthia ; Brotherton, Brett ; Wang, Gang ; Sherwood, Timothy ; Kastner, Ryan

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE

Descriptive Note:

Journal article

Supplementary Note:

Published in ACM Transactions on Reconfigurable Technology and Systems, v3, n2, article 10, May 2010.

Pagination:

0036

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Monitor Series:

NPS-CS

Subject Terms

Joint Capability Areas:

JCA_4.6_Engineering; JCA_4.6.1_General Engineering; JCA_6.1.3_Switching and Routing; JCA_6_Net Centric; JCA_6.1_Information Transport; JCA_7_Protection; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_5_Command and Control; JCA_5.3_Planning; JCA_4.2_Supply; JCA_6.4.1_Secure Information Exchange; JCA_4.2.1_Manage Supplies and Equipment; JCA_6.4_Information Assurance; JCA_1_Force Support; JCA_1.2_Force Preparation; JCA_1.2.3_Educating; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_8_Building Partnerships

Modernization Areas:

Microelectronics

Communities of Interest:

Advanced Electronics

Descriptor(s):

*MEMORY DEVICES, *EMBEDDED SYSTEMS, *ELECTRONIC SECURITY, CHIPS(ELECTRONICS), FIELD PROGRAMMABLE GATE ARRAYS, CODING, SEPARATION, COMPUTER ARCHITECTURE, COMPUTER LOGIC, REPRINTS

Field(s)/Group(s):

Computer Hardware, Computer Systems Management and Standards, Cybernetics

Keyword(s):

VIRTUAL MEMORY, AES(ADVANCED ENCRYPTION STANDARD), HARDWARE SECURITY, REFERENCE MONITORS, EXECUTION MONITORS, ENFORCEMENT MECHANISMS, SECURITY POLICIES, STATIC ANALYSIS, SECURITY PRIMITIVES, SYSTEMS ON A CHIP, RECONFIGURABLE SYSTEMS

Report Date:

2010 May 01

Creation Date:

2011 Feb 02