Enforcing Memory Policy Specifications in Reconfigurable Hardware
Loading...
Authors
Huffmire, Ted
Sherwood, Timothy
Kastner, Ryan
Levin, Timothy
Subjects
Reconfigurable hardware
Protection mechanisms
Security and Privacy Protection
Access controls
Protection mechanisms
Security and Privacy Protection
Access controls
Advisors
Date of Issue
2008-10-01
Date
Publisher
Computers and Security
Language
Abstract
While general-purpose processor based systems are built to enforce memory protection to prevent the unintended sharing of data between processes, current systems built around reconfigurable hardware typically offer no such protection. Several reconfigurable cores are often integrated onto a single chip where they share external resources such as memory. While this enables small form factor and low cost designs,
it opens up the opportunity for modules to intercept or even interfere with the operation of one another. We investigate the design and synthesis of a FPGA memory protection mechanism capable of enforcing access control policies and a methodology for translating formal policy descriptions into FPGA enforcement mechanisms. The efficiency of our access language design flow is evaluated in terms of area and cycle time across a variety of security scenarios. We also describe a technique for ensuring that the internal state of the reference monitor cannot be used as a covert storage channel.
Type
Article
Description
Series/Report No
Department
Computer Science (CS)
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Computers and Security, vol. 27, pp. 197-215, October 2008.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.