Networks on Chip with Provable Security Properties

In systems where a lack of safety or security guarantees can be catastrophic or even fatal, noninterference is used to separate domains handling critical (or confidential) information from those processing normal (or unclassified) data for purposes of fault containment and ease of verification. This article introduces SurfNoC, an on-chip network that significantly reduces the latency incurred by strict temporal partitioning. By carefully scheduling the network into waves that flow across the interconnect, data from different domains carried by these waves are strictly noninterfering while avoiding the significant overheads associated with cycle-by-cycle time multiplexing. The authors describe the scheduling policy and router microarchitecture changes required, and evaluate the information-flow security of a synthesizable implementation through gate-level information flow analysis. When comparing their approach for varying numbers of domains and network sizes, they find that in many cases SurfNoC can reduce the latency overhead of implementing cycle-level noninterference by up to 85 percent.