IEEE Access (Jan 2023)
A Comprehensive Framework for Systemic Security Management in NoC-Based Many-Cores
Abstract
Many-core Systems-on-Chip (MCSoC) are increasingly used in various applications domains such as high-performance computing, embedded systems, and Internet of Things devices. As MCSoCs permeate various industries and applications, the potential consequences of security issues are becoming increasingly severe. Therefore, security is a fundamental design constraint, addressing vulnerabilities and protecting valuable data from threats. This requires the development of robust security mechanisms and countermeasures against potential threats. The reviewed works on security for MCSoCs addressed frameworks and mechanisms to treat different security threats. Despite these proposals, the integration of security mechanisms still needs to be improved, enabling a security manager to make decisions using monitoring data for mitigating threats more effectively. This integration is the primary goal of our work, aiming to create a comprehensive framework for security management. The framework adopts a Monitoring-Detection-Countermeasure loop. A distributed monitoring infrastructure detects suspicious behaviors, generating warnings to different system actors. These actors decide the warning severity, firing security countermeasures. Countermeasures may be local (e.g., discarding a packet) or taken at the system level (e.g., aborting a malicious application). The results use an MCSoC modeled at the RTL level, providing accuracy at the clock cycle (cc) level. Five different attack scenarios are evaluated, showing that the gap between attack detection and countermeasure takes less than one millisecond (15,000 cc at 100 MHz). The area overhead in the communication infrastructure corresponds to 48.8%. These results show that the framework can effectively manage the system’s security while maintaining the performance of the applications.
Keywords
