DocumentCode
1622168
Title
Security enhancements for FPGA-based MPSoCs: A boot-to-runtime protection flow for an embedded Linux-based system
Author
Cotret, Pascal ; Devic, Florian ; Gogniat, Guy ; Badrignans, Benoît ; Torres, Lionel
Author_Institution
Lab. Lab.-STICC, Univ. de Bretagne-Sud, Lorient, France
fYear
2012
Firstpage
1
Lastpage
8
Abstract
Nowadays, embedded systems become more and more complex: the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link: attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and low-latency security for runtime protection.
Keywords
Linux; field programmable gate arrays; hardware-software codesign; system-on-chip; FPGA development life cycle; FPGA-based MPSoC; Linux booting; OS; bitstream-related information; boot-to-runtime protection flow; confidential information; confidentiality-integrity protection; data updates; eavesdropping; embedded Linux kernel; embedded Linux-based system; external memory; field programmable gate arrays; hardware modules; hardware-software codesign approach; low-latency security; malicious injection; operating system; reconfigurable technologies; runtime communications; runtime protection; security enhancement; software layers; Cryptography; Field programmable gate arrays; IP networks; Kernel; Linux; Random access memory;
fLanguage
English
Publisher
ieee
Conference_Titel
Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC), 2012 7th International Workshop on
Conference_Location
York
Print_ISBN
978-1-4673-2570-7
Electronic_ISBN
978-1-4673-2571-4
Type
conf
DOI
10.1109/ReCoSoC.2012.6322896
Filename
6322896
Link To Document