A security-aware routing approach for networks-on-chip / Uma abordagem de roteamento seguro para redes intrachip

Fernandes, Ramon Costi

13 March 2017

Submitted by Caroline Xavier (caroline.xavier@pucrs.br) on 2017-06-30T13:50:31Z No. of bitstreams: 1 DIS_RAMON_COSTI_FERNANDES_COMPLETO.pdf: 4552821 bytes, checksum: 31f78eb686d2c3126cf0abf4584de386 (MD5) / Made available in DSpace on 2017-06-30T13:50:31Z (GMT). No. of bitstreams: 1 DIS_RAMON_COSTI_FERNANDES_COMPLETO.pdf: 4552821 bytes, checksum: 31f78eb686d2c3126cf0abf4584de386 (MD5) Previous issue date: 2017-03-13 / A pr?xima gera??o de sistemas multiprocessados intra-chip, do ingl?s MultiProcessor Systems-on-Chip (MPSoC), comportar? centenas de elementos de processamento num ?nico chip, com a promessa de alta vaz?o de comunica??o, baixa lat?ncia e, preferencialmente, baixo consumo de energia. Devido ? elevada demanda de comunica??o paralela de aplica??es para MPSoCs, a rede intra-chip, do ingl?s Network-on-Chip (NoC), tem sido amplamente adotada como um meio de comunica??o confi?vel e escal?vel para MPSoCs. O espa?o de projeto para NoCs deve ser explorado para atender ? demanda das aplica??es atuais. Dentre os par?metros que definem uma NoC, o algoritmo de roteamento tem sido utilizado para prover servi?os como toler?ncia ? falhas, liberdade de deadlocks e de livelocks, assim como Quality of Service (QoS). Conforme a ado??o e complexidade de Systems-on-Chip (SoC) aumenta para sistemas embarcados, a preocupa??o com a prote??o de dados tamb?m torna-se um requisito para o projeto de MPSoCs. Atualmente, MPSoCs podem ser atacados explorando vulnerabilidades em hardware ou software, sendo o ?ltimo respons?vel por 80% dos incidentes de seguran?a em sistemas embarcados. A prote??o contra vulnerabilidades de software pode acontecer em: (i) N?vel de Aplica??o, utilizando t?cnicas como a criptografia, para evitar a transmiss?o de dados desprotegidos entre os elementos de um MPSoC, conhecidos como m?dulos de propriedade intelectual, do ingl?s Intellectual Property (IP); ou (ii) N?vel de Comunica??o, inspecionando ou filtrando elementos na arquitetura de interconex?o atrav?s de monitores de comunica??o ou firewalls, respectivamente. Portanto, um algoritmo de roteamento, ciente dos requisitos de seguran?a do sistema, deve oferecer prote??o ao utilizar rotas confi?veis na NoC, evitando elementos potencialmente maliciosos em rotas porventura inseguras. A principal contribui??o deste trabalho ? uma t?cnica de prote??o para NoCs que atua em n?vel de comunica??o, adaptando os algoritmos Segment-based Routing (SBR) e Region-based Routing (RBR) para que estes considerem aspectos de seguran?a do sistema, estes caracterizados por zonas de seguran?a definidas na NoC de acordo com o mapeamento de aplica??es nos IPs. A avalia??o da t?cnica de roteamento considera aspectos como a escalabilidade das tabelas de roteamento, a quantidade de rotas seguras definidas entre os IPs, e o impacto desta t?cnica de roteamento em aplica??es do benchmark NASA Numerical Aerodynamic Simulation (NAS) Parallel Bencharm (NPB). / The next generation of MultiProcessor Systems-on-Chip (MPSoC) will encompass hundreds of integrated processing elements into a single chip, with the promise of highthroughput, low latency and, preferably, low energy utilization. Due to the high communication parallelism required by several applications targeting MPSoC architectures, the Network-on-Chip (NoC) has been widely adopted as a reliable and scalable interconnection mechanism. The NoC design space should be explored to meet the demanding requirements of current applications. Among the parameters that define a NoC configuration, the routing algorithm has been employed to provide services such as fault tolerance, deadlock and livelock freedom, as well as Quality of Service (QoS). As the adoption and complexity of System-on-Chip (SoC) increases for embedded systems, the concern for data protection appears as a new design requirement. Currently, MPSoCs can be attacked by exploiting either hardware or software vulnerabilities, with the later responsible for 80% of the security incidents in embedded systems. Protection against software vulnerabilities can occur at (i) Application Level, by using techniques such as data encryption to avoid plain data transmissions between Intellectual Property (IP) modules; or (ii) Communication Level, inspecting or filtering elements at the interconnect fabric with communication monitors or firewalls, respectively. As such, a routing algorithm aware of security requirements could also offer protection utilizing trusted communication paths in the NoC, avoiding potential malicious elements in otherwise unsafe communication paths. The main contribution of this work is a NoC protection technique at communication level by adapting Segment-based Routing (SBR) and Region-based Routing (RBR) algorithms to consider system security requirements, characterized by security zones which are defined on the NoC according to the mapping of applications on IP modules. Evaluation of the proposed routing technique considers aspects such as the scalability of routing tables, the number of secure communication paths, and the impact of this technique on applications of the NASA Numerical Aerodynamic Simulation (NAS) Parallel Benchmark (NPB).

Networks-on-Chip

NoCs

Intrachip Routing

NoC Security

Redes Intrachip

Roteamento Intrachip

Seguran?a em NoC