Implementing Memory Protection Primitives on Reconfigurable Hardware

1
Implementing Memory Protection Primitives on
Reconfigurable Hardware
Brett Brotherton Nick Callegari Ted Huffmire
2
Project Goals

• Evaluate security primitives for reconfigurable
  hardware
• Build a real system with multiple cores
• Design a security policy for the system
• Efficient memory system performance
• Programmatic interface to system

3
Reconfigurable Protection
4
Reference Monitor
5
Moats
6
System Overview
ublaze 1
ublaze 1
Ref Monitor/Arbiter
OPB
Shared External Memory
AES Core
Ethernet
RS232
7
Ethernet

• Have integrated an ethernet core into the system
• Designed Software to communicate over TCP with
  the processor
• Can send data and operation and get back
  encrypted/decrypted data

8
Software For Microblaze

• Have modified the serial code to work with new
  file format.
• Can receive and process files over serial and
  Etherenet
• Have set up two processor system and ran
  simultaneous applications

9
Reference Monitor and OPB

• First Integrated reference monitor with OPB block
  ram controller
• Functions correctly low latency and overhead
• Next integrated reference monitor with the OPB
• Can regulate access to any of the slave
  peripherals on the bus
• Adds one cycle to the latency
• No way to get around this really?

10
Still To finish

• Design reference monitor with new stateful
  security policy
• Integrate this with the system and run tests
• Test Microblaze software with new file sending
  application

11
User Interface

• Currently using Hyperterminal to connect to AES
  core via serial connection
• Tested using 128 bit key data manually parsed
  into 32 bit lines and sent via Hyperterminal.
• GOAL
• Incorporate a User Interface to allow the user to
  select a data file and key file and receive the
  corresponding result

s 5 8 16 16 0 0 0 0 ce537f5e 5a567cc9 966d9259 033
6763e 6a118a87 4519e64e 9963798a 503f1d35
12
User Interface

• Progress
• Implemented User Interface in C to allow more
  functionality and user friendliness.
• ENCRYPT OF DECRYPT? 1-ENCRYPT2-DECRYPT
• INPUT FILENAME
• KEY FILENAME
• OUTPUT SENT TO OUTPUT.TXT
• Modularized functionality
• Currently implemented serial socket coding to
  allow user to connect to Xilinx board. Functions
  enabled to listen to the board and output the
  encrypted/decrypted data to a text file

13
User Interface

• Future Work
• The main goal is the Memory Reference Monitor
• Key ingredient
• Multiple cores accessing Shared Memory
• User interfaces role
• Incorporate UI for multiple I/O (Serial
  Ethernet)
• Each I/O can have its own corresponding core.
• Merge Bretts Ethernet interface with the Serial
  Interface, and allow user to specify which
  platform to connect to the Xilinx board.