
An Adaptable System-on-Chip Security Architecture for Internet of Things Applications


Part of the book series: Internet of Things (ITTCC)

Abstract

Modern-day System-on-Chip (SoC) security architectures designed for smart connected devices, such as Internet of Things (IoT) and automotive applications, are often confined by two crucial design aspects: in-field configuration and low overhead. Due to the restrictions posed by these design aspects, it is extremely difficult to develop a robust and adaptable architecture for SoC security policies in IoT and automotive platforms. Security policies, on the other hand, are of critical significance as they implement the confidentiality, integrity, and availability requirements of diverse on-chip security assets. During the complex and often long life of a system, security requirements evolve, giving rise to the need to adapt security policies. Existing SoC architectures and design flows do not provide the flexibility for easy adaptation of SoC security policies based on emerging threats or security requirements. To address these design constraints and subsequent limitations, a novel security architecture and CAD flow are proposed in this work for efficient implementation of diverse security policies. The adaptable architecture and associated CAD flow enable hardware patching through a reconfigurable security policy engine that can be seamlessly and securely upgraded in-field to address unanticipated attacks and update new security requirements. The infrastructure of the proposed security framework is built from three primary building blocks. First, a centralized Reconfigurable Security Policy Engine (RSPE) is introduced to implement and upgrade policies in-field without comprehensive changes in the architecture. Second, a set of smart security wrappers is developed for efficient extraction of security-critical event information and avoidance of communication bottlenecks. Third, the on-chip debug instrumentation, i.e., the Design-for-Debug (DfD) infrastructure, is employed with minimal modification for extensive access to an arbitrary number of signals of the SoC.
A suitable CAD framework is also proposed along with the architecture to systematically implement diverse security policies. The result analysis shows that the architecture provides a high level of adaptability with minimal overhead in terms of power, area, energy, and performance. Hence, the security architecture is highly suited for SoCs in IoT and automotive systems operating within a rigid boundary of performance and energy profiles.




Correspondence to Atul Prasad Deb Nath.


Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Deb Nath, A.P., Hoque, T., Ray, S., Bhunia, S. (2019). An Adaptable System-on-Chip Security Architecture for Internet of Things Applications. In: Chakraborty, R., Mathew, J., Vasilakos, A. (eds) Security and Fault Tolerance in Internet of Things. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-02807-7_4


  • DOI: https://doi.org/10.1007/978-3-030-02807-7_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02806-0

  • Online ISBN: 978-3-030-02807-7

  • eBook Packages: Engineering, Engineering (R0)
