• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>IEEE International System-on-Chip Conference >Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs
【24h】

Pro-Active Policing and Policy Enforcement Architecture for Securing MPSoCs

机译:用于保护MPSOC的积极主动警务和策略强制架构

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Embedded multiprocessor system-on-chip (MPSoC) architectures allow implementation of mixed critical applications and provide security mechanisms to segregate and protect system resources such as ARM TrustZone. These architectures enforce strict security measures right from the powering on of the system, to prevent misuse and compromise. However, such security measures have been found vulnerable where security design practices are not considered or are poorly implemented, particularly at software and hardware stack boundaries. Also, the embedded solutions developed using these MPSoC platforms are vulnerable to single points of failure and do not contain active response or mitigations for circumstances where a compromise occurs. This paper proposes pro-active hardware based policing and policy enforcement approach, along with system architecture and its hardware components, to this research problem. The architecture is physically isolated from the rich computing resources which actively monitors communications of system resources on the ARM AMBA-AXI4 bus. It detects anomalous system behaviours such as policy violation or compromised bus communication responses, and responds with predefined active countermeasures, such as deletion of secret data or disabling of the device to tackle security vulnerabilities and attacks at runtime. This proposed solution complements existing embedded hardware and software security technologies and provides an additional layer of hardware security when a vulnerability is found and exploited. This contribution lends itself to the principle of least privilege, implemented in software-based access control solutions like SELinux to mitigate when other protections have failed. This paper presents a proof-of-concept work supported by preliminary synthesis results on Xilinx Zynq-7000 and Ultra-Scale+ MPSoC chips.
机译:嵌入式多处理器系统片上系统(MPSoC)架构允许实现混合关键应用程序,并提供安全机制以隔离和保护ARM TrustZone等系统资源。这些架构强制执行严格的安全措施,从系统的电源,以防止滥用和妥协。但是,这些安全措施已被发现易受攻击,其中安全设计实践未被考虑或实现不佳,特别是在软件和硬件堆栈边界处。此外,使用这些MPSOC平台开发的嵌入式解决方案容易受到单点故障的影响,并且在发生折衷的情况下不包含有效响应或缓解。本文提出了基于主动硬件的策略和策略实施方法,以及系统架构及其硬件组件对此研究问题。该架构与丰富的计算资源物理隔离,积极监控臂AMBA-AXI4总线上的系统资源通信。它检测到诸如策略违规或受损的总线通信响应的异常系统行为,并响应预定义的主动对策,例如删除秘密数据或禁用设备以解决运行时的安全漏洞和攻击。这一提议的解决方案补充了现有的嵌入式硬件和软件安全技术,并在找到漏洞和利用时提供额外的硬件安全层。此贡献将其自身带来最小特权的原则,在Selinux等软件的访问控制解决方案中实现,以在其他保护失败时减轻。本文介绍了Xilinx Zynq-7000和超级+ MPSOC芯片的初步合成结果支持的概念证明工作。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号