http://www.cs.ucsb.edu/~sherwood/RCsec/

A 3-Pronged Approach to Adaptive Security and Separation in Reconfigurable Hardware

Blurring the line between software and hardware, reconfigurable devices strive to strike a balance between the raw high speed of custom silicon and the post-fabrication flexibility of programmable processors. This flexibility is a boon for embedded system developers, who can now rapidly prototype and deploy solutions that include a variety of "soft IP cores" from different third-party vendors, with performance approaching that of custom silicon designs. In reality, however, the various cores, which may share external resources such as memory, can possess divergent levels of trustworthiness and be provided by mutually suspicious vendors. The problem is that, unlike traditional software, where resources are managed by an operating system, soft IP cores in reconfigurable devices necessarily have direct, fine-grained control over the underlying hardware, and can intercept or even interfere with the operation of one another. We address this problem with a set of novel security primitives and the complementary use of both static and dynamic techniques for isolation of cores.

[Figure (extracted labels only): three isolation options compared. Isolation Option 1: Physically Separate Cores; Isolation Option 2: On-Chip Separation Software; Isolation Option 3: RCsec. Elements labelled in the panels: app1, app2, app3, gatekeeper, Kernel or VM, Reference Monitor, FPGA, DRAM.]

Physical Isolation: Moats and Drawbridges

Isolation is imperative to ensure the confidentiality and integrity of the data stored in an IP core. One of the goals of the RCsec project is to support physical isolation of cores on reconfigurable hardware such as FPGAs. The robust routing structure and ease of reconfigurability of FPGAs make isolation difficult. To achieve isolation, we propose a solution in which each core is surrounded by a "moat", an area that contains no logic. This ensures that the cores are physically isolated. However, the cores must still communicate with each other and with external peripherals. "Drawbridges" are precisely defined communication paths that cross the moats, allowing the cores to communicate. We are developing a tool that checks the bitstream of a design and verifies that the moats are crossed only by the specified drawbridges. Moats and drawbridges allow us to isolate the cores, providing integrity and confidentiality of their data.

[Figure (extracted labels only): small FPGA design with 2 cores, Core A and Core B; one set of logic blocks and associated routing; long interconnects; switchbox; Core A and B significantly overlapping.]
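The bitstream check described above can be illustrated on an abstract tile grid. The following is an added example, not the RCsec tool: it models the device as a grid of tiles, treats a parsed bitstream as a map from each used tile to the element occupying it, and reports any used tile inside a core's moat that is not a declared drawbridge (a second core placed too close is caught the same way, since its tiles are in use). The two-core layout, the moat width and the drawbridge wire are constructed for the example.

```python
"""Toy moat-and-drawbridge checker over an abstract FPGA tile grid.

Constructed example, not the RCsec bitstream tool. The device is a grid of
tiles; a "parsed bitstream" is just a map from every used tile to the
element that occupies it; each core is a rectangle of tiles. A moat of
MOAT_WIDTH tiles must ring every core and contain nothing, except on
tiles explicitly declared as drawbridges.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Tile = Tuple[int, int]          # (row, col) of one logic/routing tile


@dataclass(frozen=True)
class Core:
    name: str
    r0: int
    c0: int
    r1: int
    c1: int                     # inclusive bounding box of the core's logic

    def tiles(self) -> Set[Tile]:
        return {(r, c) for r in range(self.r0, self.r1 + 1)
                for c in range(self.c0, self.c1 + 1)}

    def moat(self, width: int) -> Set[Tile]:
        # ring of `width` tiles around the box; tiles past the chip edge are
        # harmless here because they can never appear in the used-tile map
        ring = {(r, c) for r in range(self.r0 - width, self.r1 + width + 1)
                for c in range(self.c0 - width, self.c1 + width + 1)}
        return ring - self.tiles()


def check_design(cores: List[Core], used: Dict[Tile, str],
                 drawbridges: Set[Tile], width: int) -> List[str]:
    """Return a list of violations; an empty list means the moats hold."""
    violations = []
    for core in cores:
        # 1. nothing but this core's own logic may sit inside its box
        for t in sorted(core.tiles()):
            owner = used.get(t)
            if owner is not None and owner != core.name:
                violations.append(f"{owner} placed inside {core.name} at {t}")
        # 2. anything in the moat must be a declared drawbridge; another core
        #    placed too close is caught here too, since its tiles are "used"
        for t in sorted(core.moat(width)):
            if t in used and t not in drawbridges:
                violations.append(f"moat of {core.name} crossed at {t} by {used[t]}")
    return violations


def example_design(rogue: bool):
    """Constructed two-core layout: A at cols 0-3, B at cols 7-10, moat width 2,
    one declared drawbridge wire along row 1 joining them."""
    cores = [Core("A", 0, 0, 3, 3), Core("B", 0, 7, 3, 10)]
    used: Dict[Tile, str] = {}
    for core in cores:
        for t in core.tiles():
            used[t] = core.name
    drawbridges = {(1, 4), (1, 5), (1, 6)}
    for t in drawbridges:
        used[t] = "wire:A-B"
    if rogue:
        # an undeclared wire run through the moat; the checker must report it
        used[(2, 5)] = "wire:tap"
    return cores, used, drawbridges


MOAT_WIDTH = 2

if __name__ == "__main__":
    for rogue in (False, True):
        cores, used, bridges = example_design(rogue)
        print("rogue" if rogue else "clean",
              check_design(cores, used, bridges, MOAT_WIDTH))
```

The undeclared wire at tile (2, 5) lies in the moats of both cores, so it is reported once per core; the declared drawbridge on row 1 passes. A real tool works on the device's actual routing resources rather than uniform tiles, but the decision it has to make per resource is the same.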

Dynamic Policy Enforcement: An Ontology for Dynamic Security Policies

The RCsec project is developing a comprehensive computer security ontology specific to dynamic security policies and mechanisms. While previous efforts have defined hierarchies and semantics for various aspects of computer security at a high level, the actual ontology implementations have not been thorough, and none have focused on the properties or unique problems of dynamic security policies. Our ontology will incorporate the characteristics of existing policies and models of dynamic security. From that base, we hope to identify any missing elements, as well as to extrapolate logical extensions, to provide a robust foundation for dynamic security research. The RCsec ontology will then support the development of an adaptive security policy model for representing the control and management of reconfigurable hardware. We also plan to extend the ontology with a new framework for representing security policy decisions, to support investigation of problems such as the dynamic interaction of MLS rules with information flow control, and the return of a system to a previous secure state.

Protecting and Separating Memory: Hardware Reference Monitors

A key element of our isolation strategy is the use of a reconfigurable reference monitor to provide policy-driven memory protection. We have developed a memory protection mechanism capable of enforcing policies expressed in a formal language. A policy is a formal top-level specification of the legal sharing of memory among cores. We have developed a compiler that translates a policy of legal sharing into a hardware description of a reference monitor that enforces the policy. The hardware description is then synthesized into reconfigurable logic, which is loaded directly onto an FPGA. Testing has shown this approach to be efficient in terms of both processing time and space usage on the FPGA. We are currently developing techniques to prevent the internal states of the reference monitor from being used as covert channels. Since any reference monitor is only as good as the policy it enforces, we are also developing tools to analyze candidate policies and to make the process of expressing policies as precise and user-friendly as possible for embedded systems designers.
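The pipeline described above (a policy of legal memory sharing, compiled into the table a reference monitor consults, plus analysis of the candidate policy) can be sketched in software. The following is an added example, not the RCsec compiler and not its policy language: the rule syntax "core <name> may <read|write|rw> <lo>-<hi>", the default-deny decision and the sharing analysis are all constructed for the example. The hardware monitor in the project is synthesized logic; the software below only shows what such logic has to decide.

```python
"""Toy memory-sharing policy compiler and reference monitor.

Constructed example, not the RCsec compiler or its policy language. A policy
is text with one rule per line, "core <name> may <read|write|rw> <lo>-<hi>"
(hex addresses, inclusive). compile_policy builds the per-core range table a
hardware reference monitor would hold; check_access is the monitor's
decision, default deny; analyze_sharing lists every address range one core
may write and another may read, i.e. the inter-core channels the policy
deliberately opens, which is what a policy author should review.
"""
import re
from typing import Dict, List, Tuple

Range = Tuple[int, int]
Table = Dict[str, Dict[str, List[Range]]]

RULE = re.compile(
    r"^core\s+(\w+)\s+may\s+(read|write|rw)\s+(0x[0-9a-fA-F]+)\s*-\s*(0x[0-9a-fA-F]+)$")


def compile_policy(text: str) -> Table:
    table: Table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        core, op = m.group(1), m.group(2)
        lo, hi = int(m.group(3), 16), int(m.group(4), 16)
        if lo > hi:
            raise ValueError(f"line {lineno}: empty range")
        entry = table.setdefault(core, {"read": [], "write": []})
        for o in (("read", "write") if op == "rw" else (op,)):
            entry[o].append((lo, hi))
    for entry in table.values():
        for ranges in entry.values():
            ranges.sort()
    return table


def check_access(table: Table, core: str, op: str, addr: int) -> bool:
    """Monitor decision: allow only if some granted range covers addr."""
    for lo, hi in table.get(core, {}).get(op, []):
        if lo <= addr <= hi:
            return True
    return False                                  # default deny


def analyze_sharing(table: Table) -> List[Tuple[str, str, Range]]:
    """(writer, reader, overlapping range) for every pair of distinct cores."""
    found = []
    for writer, wt in table.items():
        for reader, rt in table.items():
            if writer == reader:
                continue
            for wlo, whi in wt["write"]:
                for rlo, rhi in rt["read"]:
                    lo, hi = max(wlo, rlo), min(whi, rhi)
                    if lo <= hi:
                        found.append((writer, reader, (lo, hi)))
    return sorted(found)


POLICY = """
# constructed policy: private regions for A and B plus one A-to-B mailbox
core A may rw    0x0000-0x0FFF
core B may rw    0x1000-0x1FFF
core A may write 0x2000-0x20FF
core B may read  0x2000-0x20FF
"""

if __name__ == "__main__":
    table = compile_policy(POLICY)
    print("write->read channels:", analyze_sharing(table))
    for core, op, addr in [("A", "read", 0x0010), ("B", "read", 0x0010),
                           ("A", "read", 0x2000), ("B", "read", 0x2000)]:
        verdict = "allow" if check_access(table, core, op, addr) else "deny"
        print(core, op, hex(addr), verdict)
```

With this policy the only channel the analysis reports is the A-to-B mailbox at 0x2000-0x20FF; an access by a core the policy never names, or to an address no rule covers, is denied without any special case.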

CyberTrust PI Meeting Atlanta, Georgia January 2007
