COMPREHENSIVE SET OF METHODS TO SECURE APPLICATIONS IN NOC-BASED MANY-CORES
DEFESA DE PROPOSTA DE TESE – Programa de Pós-Graduação em Ciência da Computação
COMPREHENSIVE SET OF METHODS TO SECURE APPLICATIONS IN NOC-BASED MANY-CORES
ALUNO: RAFAEL FOLLMANN FACCENDA
ORIENTADOR: Dr. Fernando Gehm Moraes
BANCA EXAMINADORA: Dr. Cesar Albenes Zeferino (MCA/UNIVALI), Dr. Ney Laert Vilar Calazans (PPGCC/PUCRS)
DATA: 03 de março de 2022
LOCAL: Videoconferência
HORÁRIO: 10h
Link para acessar a videoconferência
Senha: 1234
RESUMO:
Many-core Systems on Chip (MCSoC) are platforms designed to provide high-performance systems based on parallelism, meeting the current demand of embedded devices with power consumption and communication constraints. An MCSoC contains PEs (Processing Elements) interconnected by complex communication infrastructures, such as NoCs (Networks-on-Chip). Network Interfaces (NI) connect PEs to the routers of the NoC. As the adoption and complexity of MCSoCs increase, data protection appears as a design requirement. These systems handle sensitive information. Thus, it is necessary to protect this data from unauthorized access. The Thesis motivation is to answer the following question: “how to protect the communication between PEs against
threats“? The literature presents techniques, such as cryptography, authentication codes, error correction codes, creation of a communication flow profile to detect anomalous behavior. These defense mechanisms seek to protect the MCSoC from a given attack, lacking proposals protecting the system against the plethora of possible threats. The Opaque Secure Zone (OSZ) is a defense mechanism executed at runtime that focuses on finding a rectilinear region with free PEs to map an application with security constraints. OSZ prevent attacks from outside sources, such as Denial-of-Service (DoS), timing attack, spoofing, man-in-the-middle. Even though the method is robust against external attacks, it still presents vulnerabilities when HTs infect routers inside the OSZ or when the application running in the OSZ needs to communicate with external peripherals. This Thesis adopts the OSZ proposal as the baseline secure mechanism, adding four new techniques to improve security: (1) Session Manager, responsible for protecting the OSZ communication against HT attack and faults; (2) a new system organization with gray and secure areas to define the location of applications with security requirements; (3) a NI that complies with the peripheral communication API; (4) a defragmentation technique to improve system utilization. The Thesis originality is in developing these defense mechanisms in both hardware and software levels, through the enrichment of the OSZ proposal, bringing extra security layers, both within the OSZ and when iterating with external devices.
