Embed Size (px)
DESCRIPTION
Brett Brotherton Nick Callegari Ted Huffmire. Implementing Memory Protection Primitives on Reconfigurable Hardware. Project Goals. Evaluate security primitives for reconfigurable hardware Build a real system with multiple cores Design a security policy for the system - PowerPoint PPT Presentation
Citation preview
Implementing Memory Protection Primitives on Reconfigurable
Hardware
Brett BrothertonNick CallegariTed Huffmire
Project Goals
•Evaluate security primitives for reconfigurable hardware
•Build a real system with multiple cores
•Design a security policy for the system
•Efficient memory system performance
•Programmatic interface to system
System Overview
OPB
ublaze 1 ublaze 1
Ref Monitor/Arbiter
Shared External Memory
AES Core
RS232 Ethernet
Security Policy
•Range0[0x41400000,0x4140ffff]; (Debug)
•Range1[0x28000000,0x28000777]; (AES1)
•Range2[0x28000800,0x28000fff]; (AES2)
•Range3[0x24000000,0x24777777]; (DRAM1)
•Range4[0x24800000,0x24ffffff]; (DRAM2)
•Range5[0x40600000,0x4060ffff]; (RS-232)
•Range6[0x40c00000,0x40c0ffff]; (Ethernet)
•Range7[0x28000004,0x28000007]; (Ctrl_Word1)
•Range8[0x28000008,0x2800000f]; (Ctrl_Word2)
•Range9[0x28000000,0x28000003]; (Ctrl_WordAES)
Security Policy
•Access0{M1,rw,R5}|{M2,rw,R6}|{M1,rw,R3}• |{M2,rw,R4}|{M1,rw,R0}|{M2,rw,R0};•Access1Access0|{M1,rw,R1}|{M1,rw,R9};•Access2Access0|{M2,rw,R1}|{M2,rw,R9};•Trigger0{M1,w,R7};•Trigger1{M1,w,R8};•Trigger2{M2,w,R7};•Trigger3{M2,w,R8};•Expr1Access0|Trigger3Access2*Trigger4;•Expr2Access1|Trigger2Expr1*Trigger1;•Expr3Expr1*Trigger1Expr2*;•PolicyExpr1*|Expr1*Trigger3Access2*• |Expr3Trigger2Expr1*Trigger3Access2*• |Expr3Trigger2Expr1*|Expr3|;
Security Policy DFA
init
M1 M2R0: rw rwR3: rw __R4: __ rwR5: rw __R6: __ rwR7: _w _w
M1 M2R0: rw rwR2: __ rwR3: rw __R4: __ rwR5: rw __R6: __ rwR8: __ _wR9: __ rw
{M2,w,R7}
M1 M2R0: rw rwR1: rw __R3: rw __R4: __ rwR5: rw __R6: __ rwR8: _w __R9: rw __
{M1,w,R7}{M2,w,R8} {M1,w,R8}
System Overview
OPB
ublaze 1 ublaze 1
Ref Monitor/Arbiter
Shared External Memory
AES Core
RS232 Ethernet
Performance Results
•One cycle latency increase for reference monitor 25.75 vs 26.75 cycles
•Area overhead very small 116 LUTs (1% increase)
•Clock speed increase 65 to 73 MHz
Impact of Moats
•Moats tested for size 0, 1, 2, 6•Best case: 0 and 6 only a 4% decrease in
clock frequency•Area overhead minimal
User Interface
• Currently using Hyperterminal to connect to AES core via serial connection Tested using 128 bit key & data
manually parsed into 32 bit lines and sent via hyperterminal.
• GOAL Incorporate a User Interface to
allow the user to select a data file and key file and receive the corresponding result over multiple communication platforms to test multi-core design and Reference Monitor.
s5816160000ce537f5e5a567cc9966d92590336763e6a118a874519e64e9963798a503f1d35
User Interface
•Progress Implemented User Interface in C++ to
allow more functionality and user friendliness.
SERIAL OR ETHERNET? [1-SERIAL][2-ETHERNET] ENCRYPT OR DECRYPT? [1-ENCRYPT][2-DECRYPT] INPUT FILENAME: KEY FILENAME: OUTPUT SENT TO OUTPUT.TXT
Demo
•Demo
