Modern System-on-Chip (SoC) designs integrate a number of third party IPs (3PIPs) that coordinate and communicate through a Network-on-Chip (NoC) fabric to realize system functionality. An important class of SoC security attack involves a rogue IP tampering with the inter-IP communication. These attacks include message snoop, message mutation, message misdirection, IP masquerade, and message flooding. Static IP-level trust verification cannot protect against these SoC-level attacks. In this paper, we analyze the vulnerabilities of system level communication among IPs and develop a novel SoC security architecture that provides system resilience against exploitation by untrusted 3PIPs integrated over an NoC fabric. We show how to address the problem through a collection of fine-grained SoC security policies that enable on-the-fly monitoring and control of appropriate security-relevant events. Our approach, for the first time to our knowledge, provides an architecture-level solution for trusted SoC communication through run-time resilience in the presence of untrusted IPs. We demonstrate viability of our approach on a realistic SoC design through a series of attack models and show that our architecture incurs minimal to modest overhead in area, power, and system latency.

中文翻译：

---

采用 NoC 结构的弹性片上系统设计


现代片上系统 (SoC) 设计集成了许多第三方 IP (3PIP)，这些第三方 IP 通过片上网络 (NoC) 结构进行协调和通信，以实现系统功能。一类重要的 SoC 安全攻击涉及恶意 IP 篡改 IP 间通信。这些攻击包括消息窥探、消息突变、消息误导、IP 伪装和消息洪泛。静态 IP 级信任验证无法防范这些 SoC 级攻击。在本文中，我们分析了 IP 之间系统级通信的漏洞，并开发了一种新颖的 SoC 安全架构，该架构提供系统弹性，以防止通过 NoC 结构集成的不可信 3PIP 的利用。我们展示了如何通过一系列细粒度的 SoC 安全策略来解决该问题，这些策略支持动态监视和控制适当的安全相关事件。据我们所知，我们的方法首次在存在不可信 IP 的情况下通过运行时弹性为可信 SoC 通信提供架构级解决方案。我们通过一系列攻击模型展示了我们的方法在实际 SoC 设计上的可行性，并表明我们的架构在面积、功耗和系统延迟方面产生的开销最小到适中。