Improving the Security of Multiprocessor-Based Embedded System Designs
Abstract
Designers are ambitious; we want to make embedded systems that are more capable, more connected, and ultimately, more complex. To tackle myriad design goals, the development of heterogeneous Multiprocessor System on Chips (MPSoCs) has emerged as a fashionable design paradigm. Embedded systems can be implemented more easily when various components, such as processors, memories, hardware accelerators, and other Intellectual Property (IP) blocks are integrated into a Network on Chip (NoC). This approach allows designers to better leverage parallelism and reduce costs through consolidation of many different functionalities into a single chip.
However, as embedded systems become more capable and Internet connected, so too are malicious entities—as we come to deploy embedded systems in more application domains, attackers have greater incentive to discover and exploit vulnerabilities for illicit gain. Where once security was handled as a secondary concern, or even worse, as an afterthought, designers acknowledge the value in treating security upfront. This thesis investigates strategies to introduce security into the design of multiprocessor-based systems from the very outset. The research we present is focussed on improving security, with the aim of reducing the impact of successful compromises.
After identifying the opportunities for hardware-based support for security mechanisms from a thorough examination of the literature, we begin by developing a conceptual model for describing the relationships between components in an MPSoC and the potential threats in a design. This leads us towards research into potential low-level mechanisms for improving security, and we present digital hardware for implementing decentralised and dynamic access controls in an MPSoC. One challenge in design for security is that design flows are often ad-hoc, so we propose a security-aware design process that systematically generates a security-enhanced MPSoC.
Decentralised and dynamic access controls form the foundation for security improvement. Raising the abstraction level once more, we present research on context-aware protections, where we re-frame memory accesses as service consumption, and enhance access controls with information about when an access should occur as part of a service. Our contributions are a system-level security-aware approach for MPSoC design, hardware support for decentralised and dynamic access controls, and systematic automated design methodologies.