Implementing Memory Protection Primitives on Reconfigurable Hardware
Brett Brotherton, Nick Callegari, Ted Huffmire

Project Goals
• Evaluate security primitives for reconfigurable hardware
• Build a real system with multiple cores
• Design a security policy for the system
• Efficient memory system performance
• Programmatic interface to system

Reconfigurable Protection
[Figure: three approaches to isolation, Separate Processors, Reconfigurable Protection and Separation Kernels, on an axis labelled Physical and Software. Diagram labels: app1, app2, app3, gate keeper, kernel, Reference Monitor, DRAM.]

System Overview
[Block diagram: two blocks labelled "ublaze 1", Ref Monitor/Arbiter, OPB, Shared External Memory, AES Core, Ethernet, RS232.]

Ethernet
• Have integrated an Ethernet core into the system
• Designed software to communicate over TCP with the processor
• Can send data and an operation and get back encrypted/decrypted data

Software For Microblaze
• Have modified the serial code to work with the new file format
• Can receive and process files over serial and Ethernet
• Have set up a two-processor system and run simultaneous applications

Reference Monitor and OPB
• First integrated the reference monitor with the OPB block RAM controller
• Functions correctly, with low latency and overhead
• Next integrated the reference monitor with the OPB
• Can regulate access to any of the slave peripherals on the bus
• Adds one cycle to the latency
• No way to get around this really?

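A behavioural model in C of the per-transaction check a bus-level reference monitor makes before a request reaches a slave peripheral. It is an added illustration, not the project's hardware design or policy: the master IDs, address ranges and permissions are constructed placeholders, and the policy is stateless with default deny.

```c
#include <stdint.h>
#include <stddef.h>

/* Bus operations the monitor distinguishes. */
enum { RM_READ = 1, RM_WRITE = 2 };

/* One policy rule: `master` may perform `perms` on [base, base + size). */
struct rm_rule {
    uint8_t  master;  /* assumed IDs: 0 and 1 for the two processor cores */
    uint32_t base;
    uint32_t size;
    uint8_t  perms;   /* bitmask of RM_READ / RM_WRITE */
};

/* Constructed address map (placeholder ranges, not the project's). */
static const struct rm_rule policy[] = {
    { 0, 0x20000000u, 0x00010000u, RM_READ | RM_WRITE }, /* core 0 private   */
    { 1, 0x20010000u, 0x00010000u, RM_READ | RM_WRITE }, /* core 1 private   */
    { 0, 0x20020000u, 0x00001000u, RM_READ },            /* shared: 0 reads  */
    { 1, 0x20020000u, 0x00001000u, RM_READ | RM_WRITE }, /* shared: 1 writes */
    { 0, 0x40000000u, 0x00000100u, RM_READ | RM_WRITE }, /* AES regs: core 0 */
};

/* Returns 1 if the whole access [addr, addr + len) is allowed, else 0. */
int rm_check(uint8_t master, uint32_t addr, uint32_t len, uint8_t op)
{
    if (len == 0)
        return 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct rm_rule *r = &policy[i];
        if (r->master != master || (r->perms & op) != op)
            continue;
        /* Compare offsets, not end addresses, so addr + len cannot
         * wrap past 2^32 and slip through the range check. */
        if (addr >= r->base && addr - r->base < r->size &&
            len <= r->size - (addr - r->base))
            return 1;
    }
    return 0; /* default deny: no rule covers this access */
}
```

An access that starts inside an allowed range but runs past its end is denied as a whole, which is the case a start-address-only comparison would miss.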
Still to Finish
• Design reference monitor with new stateful security policy
• Integrate this with the system and run tests
• Test Microblaze software with new file sending application

User Interface
• Currently using Hyperterminal to connect to AES core via serial connection
• Tested using 128-bit key & data manually parsed into 32-bit lines and sent via Hyperterminal
• Goal: incorporate a user interface to allow the user to select a data file and key file and receive the corresponding result s 5 8 16 16 0 0 0 0 ce537f5e 5a567cc9 966d9259 0336763e 6a118a87 4519e64e 9963798a 503f1d35

User Interface
• Progress
• Implemented the user interface in C++ to allow more functionality and user friendliness
• ENCRYPT OF DECRYPT? [1-ENCRYPT][2-DECRYPT]
• INPUT FILENAME:
• KEY FILENAME:
• OUTPUT SENT TO OUTPUT.TXT
• Modularized functionality
• Currently implemented serial socket code that lets the user connect to the Xilinx board; functions listen to the board and write the encrypted/decrypted data to a text file

User Interface
• Future Work
• The main goal is the Memory Reference Monitor
• Key ingredient: multiple cores accessing shared memory
• User interface's role
• Incorporate UI for multiple I/O (serial & Ethernet)
• Each I/O can have its own corresponding core
• Merge Brett's Ethernet interface with the serial interface, and allow the user to specify which platform to use to connect to the Xilinx board