Designing Secure Heterogeneous Multicore Systems from Untrusted Components

Michel  A. Kinsy; Lake Bu; Mihailo Isakov; Miguel Mark

doi:10.3390/cryptography2030012

Cryptography (Jun 2018)

Designing Secure Heterogeneous Multicore Systems from Untrusted Components

Michel A. Kinsy,
Lake Bu,
Mihailo Isakov,
Miguel Mark

Affiliations

Michel A. Kinsy: Adaptive and Secure Computing Systems (ASCS) Laboratory, Department of Electrical and Computer Engineering, Boston University, Boston, MA 02215, USA
Lake Bu: Adaptive and Secure Computing Systems (ASCS) Laboratory, Department of Electrical and Computer Engineering, Boston University, Boston, MA 02215, USA
Mihailo Isakov: Adaptive and Secure Computing Systems (ASCS) Laboratory, Department of Electrical and Computer Engineering, Boston University, Boston, MA 02215, USA
Miguel Mark: Adaptive and Secure Computing Systems (ASCS) Laboratory, Department of Electrical and Computer Engineering, Boston University, Boston, MA 02215, USA

DOI: https://doi.org/10.3390/cryptography2030012
Journal volume & issue: Vol. 2, no. 3
p. 12

Abstract

Read online

In current systems-on-chip (SoCs) designs, processing elements, i.e., intellectual property (IP) cores, may come from different providers, and executable code may have varying levels of trust, all executing on the same compute platform and sharing resources. This creates a very fertile attack ground and represents the Achilles’ heel of heterogeneous SoC architectures and distributed connected devices. The general consensus today is that conventional approaches and software-only add-on schemes fail to provide sufficient security protections and trustworthiness. In this paper, we develop a secure heterogeneous SoC architecture named Hermes. It represents a new architectural model that integrates multiple processing elements (called tenants) of secure and non-secure cores into the same chip design while: (a) maintaining individual tenant security; (b) preventing data leakage and corruption; (c) promoting collaboration among the tenants; and (d) tolerating untrusted tenants with potentially malicious purposes. The Hermes architecture is based on a programmable secure router interface and a trust-aware routing algorithm. Depending on the trust levels of computing nodes, it is able to virtually isolate them in different access modes to the memory blocks. With secure key management and join protocols, Hermes is also able to function properly when nodes request for, or allow, memory access in a dishonest manner. With 17% hardware overhead, it enables the implementation of processing-element-oblivious secure multicore systems with a programmable distributed group key management scheme. The Hermes architecture is meant to emblematize the design of secure heterogeneous multicore computing systems out of unsecured or untrusted components using user-defined security policies to create at the hardware-level virtual zones to enforce these security and trust policies.

Published in Cryptography

ISSN: 2410-387X (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology
Website: http://www.mdpi.com/journal/cryptography

About the journal

Abstract

Keywords