Biblio
Filters: Author is Chaves, Cesar G. [Clear All Filters]
.
2021. Lightweight Monitoring Scheme for Flooding DoS Attack Detection in Multi-Tenant MPSoCs. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.
The increasing use of Multiprocessor Systems-on-Chip (MPSoCs) within scalable multi-tenant systems, such as fog/cloud computing, faces the challenge of potential attacks originated by the execution of malicious tasks. Flooding Denial- of-Service (FDoS) attacks are one of the most common and powerful threats for Network-on-Chip (NoC)-based MPSoCs. Since, by overwhelming the NoC, the system is unable to forward legitimate traffic. However, the effectiveness of FDoS attacks depend on the NoC configuration. Moreover, designing a secure MPSoC capable of detecting such attacks while avoiding excessive power/energy and area costs is challenging. To this end, we present two contributions. First, we demonstrate two types of FDoS attacks: based on the packet injection rate (PIR-based FDoS) and based on the packet's payload length (PPL-based FDoS). We show that fair round-robin NoCs are intrinsically protected against PIR-based FDoS. Instead, PPL-based FDoS attacks represent a real threat to MPSoCs. Second, we propose a novel lightweight monitoring method for detecting communication disruptions. Simulation and synthesis results show the feasibility and efficiency of the presented approach.
.
2019. Detecting and Mitigating Low-and-Slow DoS Attacks in NoC-based MPSoCs. 2019 14th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC). :82—89.
As Multi-Processor Systems-on-Chip (MPSoCs) permeate the Internet by powering IoT devices, they are exposed to new threats. One major threat is Denial-of-Service (DoS) attacks, which make communication services slow or even unavailable. While mainly studied on desktop and server systems, some DoS attacks on mobile devices and Network-on-Chip (NoC) platforms have also been considered. In the context of NoC-based MPSoC architectures, previous works have explored flooding DoS attacks and their countermeasures, however, these protection techniques are ineffective to mitigate new DoS attacks. Recently, a shift of the network attack paradigm from flooding DoS to Low-and-Slow DoS has been observed. To this end, we present two contributions. First, we demonstrate, for the first time, the impact of Low-and-Slow DoS attacks in NoC environments. Second, we propose a lightweight online monitor able to detect and mitigate these attacks. Results show that our countermeasure is feasible and that it effectively mitigates this new attack. Moreover, since the monitors are placed at the entry points of the network, both, single- and multi-source attacks can be neutralized.