Visible to the public Biblio

Filters: Author is Becker, J.  [Clear All Filters]
2021-03-29
Dörr, T., Sandmann, T., Becker, J..  2020.  A Formal Model for the Automatic Configuration of Access Protection Units in MPSoC-Based Embedded Systems. 2020 23rd Euromicro Conference on Digital System Design (DSD). :596—603.

Heterogeneous system-on-chip platforms with multiple processing cores are becoming increasingly common in safety-and security-critical embedded systems. To facilitate a logical isolation of physically connected on-chip components, internal communication links of such platforms are often equipped with dedicated access protection units. When performed manually, however, the configuration of these units can be both time-consuming and error-prone. To resolve this issue, we present a formal model and a corresponding design methodology that allows developers to specify access permissions and information flow requirements for embedded systems in a mostly platform-independent manner. As part of the methodology, the consistency between the permissions and the requirements is automatically verified and an extensible generation framework is used to transform the abstract permission declarations into configuration code for individual access protection units. We present a prototypical implementation of this approach and validate it by generating configuration code for the access protection unit of a commercially available multiprocessor system-on-chip.

2021-03-15
Silitonga, A., Gassoumi, H., Becker, J..  2020.  MiteS: Software-based Microarchitectural Attacks and Countermeasures in networked AP SoC Platforms. 2020 IEEE 14th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :65—71.

The impact of microarchitectural attacks in Personal Computers (PCs) can be further adapted to and observed in internetworked All Programmable System-on-Chip (AP SoC) platforms. This effort involves the access control or execution of Intellectual Property cores in the FPGA of an AP SoC Victim internetworked with an AP SoC Attacker via Internet Protocol (IP). Three conceptions of attacks were implemented: buffer overflow attack at the stack, return-oriented programming attack, and command-injection-based attack for dynamic reconfiguration in the FPGA. Indeed, a specific preventive countermeasure for each attack is proposed. The functionality of the countermeasures mainly comprises adapted words addition (stack protection) for the first and second attacks and multiple encryption for the third attack. In conclusion, the recommended countermeasures are realizable to counteract the implemented attacks.