Title :
High-level security services based on a hardware NoC Firewall module
Author :
Miltos D. Grammatikakis;Polydoros Petrakis;Antonis Papagrigoriou;George Kornaros;Marcello Coppola
Author_Institution :
Technological Educational Institute of Crete, GR-71004 Heraklion, Greece
Abstract :
Security services are typically based on deploying different types of modules, e.g. firewalls, intrusion detection or prevention systems, or cryptographic function accelerators. In this study, we focus on extending the functionality of a hardware Network-on-Chip (NoC) Firewall on the Zynq 7020 FPGA of a Zedboard. The NoC Firewall checks the physical address and rejects untrusted CPU requests to on-chip memory, thus protecting legitimate processes running in a multicore SoC from the injection of malicious instructions or data into shared memory. Based on a validated kernel-space Linux system driver of the NoC Firewall, which is seen as a reconfigurable, memory-mapped device on top of the AMBA AXI4 interconnect fabric, we develop higher-layer security services that focus on physical address protection based on a set of rules. While our primary scenario concentrates on monitors and actors related to protection from malicious (or corrupt) drivers, other interesting use cases related to healthcare ethics are also put into context.
Keywords :
"Firewalls (computing)","Field programmable gate arrays","Linux","Hardware","Registers","Network interfaces"
Conference_Title :
Intelligent Solutions in Embedded Systems (WISES), 2015 12th International Workshop on