research-article

Dynamic security domain scaling on embedded symmetric multiprocessors

Authors:

Kazuhisa Ishizaka,

Masato EdahiroAuthors Info & Claims

ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 14, Issue 2

Article No.: 24, Pages 1 - 23

https://doi.org/10.1145/1497561.1497567

Published: 07 April 2009 Publication History

Abstract

We propose a method for dynamic security-domain scaling on SMPs that offers both highly scalable performance and high security for future high-end embedded systems. Its most important feature is its highly efficient use of processor resources, accomplished by dynamically changing the number of processors within a security-domain (i.e., dynamically yielding processors to other security-domains) in response to application load requirements. Two new technologies make this scaling possible without any virtualization software: (1) self-transition management and (2) unified virtual address mapping. Evaluations show that this domain control provides highly scalable performance and incurs almost no performance overhead in security-domains. The increase in OSs in binary code size is less than 1.5%, and the time required for individual state transitions is on the order of a single millisecond. This scaling is the first in the world to make possible the dynamic changing of the number of processors within a security-domain on an ARM SMP.

References

[1]

Adams, K. and Agesen, O. 2006. A comparison of software and hardware techniques for x86 virtualization. In Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems. 2--13.

Digital Library

[2]

Amd. 2005. AMD64 Virtualization Codenamed “Pacifica” Technology: Secure Virtual Machine Architecture Reference Manual. http://www.cs.utexas.edu/users/hunt/class/2005-fall/cs352/docsem64t/AMD/virtualization-33047.pdf.

[3]

Arm. 2004. AMBA AXI protocol. Version 1.0.

[4]

Arm. 2006. ARM11 MPCore Processor Technical Reference Manual. Rev. r1p0.

[5]

Armstrong, W. J., Arndt, R. L., Boutcher, D. C., Kovacs, R. G., Larson, D., Lucke, K. A., Nayer, N., and Swanberg, R. C. 2005. Advanced virtualization capabilities of POWER5 systems. IBM J. Res. Develop. 49, 4/5, 523--532.

Digital Library

[6]

Baratloo, A., Singh, N., and Tsai, T. K. 2000. Transparent run-time defense against stack smashing attacks. In Proceedings of the USENIX Annual Technical Conference. 251--262.

Digital Library

[7]

Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., and Andwarfield, A. 2003. Xen and the art of virtualization. In Proceedings of the ACM Symposium on Operating Systems Principles. 164--177.

Digital Library

[8]

Bhattacharya, K. and Ranganathan, N. 2008. A linear programming formulation for security-aware gate sizing. In Proceedings of the ACM Great Lakes Symposium on VLSI. 273--278.

Digital Library

[9]

Coburn, J., Ravi, S., Raghunathan, A., and Chakradhar, S. 2005. SECA: Security-enhanced communication architecture. In Proceedings of the ACM International Conference on Compilers, Architecture and Synthesis for Embedded Systems. 78--89.

Digital Library

[10]

Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., and Zhang, Q. 1998. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Annual Technical Conference. 63--78.

Digital Library

[11]

Dike, J. 2000. A user-mode port of the Linux kernel. In Proceedings of the 4th Annual Linux Showcase and Conference. 63--72.

Digital Library

[12]

Evans, D. and Larochelle, D. 2002. Improving security using extensible lightweight static analysis. IEEE Softw. 19, 1, 42--51.

Digital Library

[13]

Fiolin, L., Palermo, G., Lukovic, S, and Silvano, C. 2007. A data protection unit for NoC-based architectures. In Proceedings of the IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis. 167--172.

Digital Library

[14]

Gebotys, C. 2006. A split mask countermeasure for low energy secure embedded systems. ACM Trans. Embedd. Comput. Syst. 5, 3, 577--612.

Digital Library

[15]

Gondo, M. 2006. Blending asymmetric and symmetric multiprocessing with a single OS on ARM11 MPCore. Inform. Quar. 5, 4, 38--43.

[16]

Inoue, H., Anjo, K., Wakabayashi, M., Tanabe, J., Amano, H., Yamamoto, J., Sato, M., and Hiraki, K. 1999. The preliminary evaluation of MBP-light with two protocol policies for a massively parallel processor--JUMP-1. In Proceedings of the Symposium on the Frontiers of Massively Parallel Computation. 268--275.

Digital Library

[17]

Inoue, H., Ikeno, A., Kondo, M., Sakai, J., and Edahiro, M. 2005. FIDES: An advanced chip multiprocessor platform for secure next generation mobile terminals. In Proceedings of the IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis. 178--183.

Digital Library

[18]

Inoue, H., Ikeno, A., Abe, T., Sakai, J., and Edahiro, M. 2007. Dynamic security domain scaling on symmetric multiprocessors for future high-end embedded systems. In Proceedings of the IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis. 39--44.

Digital Library

[19]

Inoue, H., Sakai, J., and Edahiro, M. 2008. Processor virtualization for secure mobile terminals. ACM Trans. Des. Autom. Electron. Syst. 13, 3, 1--23.

Digital Library

[20]

INTEL and NTT DOCOMO. 2006. Open and secure terminal initiative (OSTI) architecture specification. Rev. 1.00. http://www.nttdocomo.co.jp/binary/pdf/corporate/technology/osti/OSTI_Arch_R1_00.pdf.

[21]

Ishikawa, S., Yamabana, K., Isotani, R., and Okumura, A. 2006. Parallel LVCSR algorithm for cellphone-oriented multicore processors. In Proceedings of the International Conference on Acoustics, Speech, and Signal Processing. Vol. 1, 177--180.

[22]

Lenoski, D., Laudon, J., Gharachorloo, K., Weber, W.-D., Gupta, A., Hennessy, J., Horowitz M., and Lam, M. S. 1992. The Stanford dash multiprocessor. IEEE Computer 25, 3, 63--79.

Digital Library

[23]

Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., and Horowitz, M. 2000. Architectural support for copy and tamper resistant software. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems. 168--178.

Digital Library

[24]

Loscocco, P. and Smalley, S. 2001. Integrating flexible support for security policies into the Linux operating system. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX '01). 29--42.

Digital Library

[25]

McVoy, L. and Staelin, C. 1996. Lmbench: Portable tools for performance analysis. In Proceedings of the USENIX Annual Technical Conference. 279--294.

Digital Library

[26]

Neiger, G., Santoni, A., Leung, F., Rodgers, D., and Uhlig, R. 2006. Intel virtualization technology: Hardware support for efficient processor virtualization. Intel Tech. J. 10, 3, 167--177.

[27]

Openwall Project. 2001. (http://www.openwall.com/linux/README.shtml), Linux kernel patch from the Openwall Project.

[28]

Mwaikambo, Z., Raj, A., Russell, R., Schopp, J., and Vaddagiri, S. 2004. Linux kernel hotplug CPU support. In Proceedings of the Linux Symposium. Vol. 2, 467--480.

[29]

Patel, K., Parameswaran, S., and Shee, S. L. 2007. Ensuring secure program execution in multiprocessor embedded systems: A Case Study. In Proceedings of the IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis. 57--62.

Digital Library

[30]

Qnx. 2006. Multi-Core. Technology development kit. http://www.qnx.com/download/download/12449/194.09_Multicore_TDK_p41.pdf.

[31]

Secure Software. 2001. Rough auditing tool for security (RATS). http://www. securesoftware.com/rats.php.

[32]

Sugerman, J., Venkitachalam, G., and Lim, B. 2001. Virtualizing I/O devices on VMware workstation's hosted virtual machine monitor. In Proceedings of the USENIX Annual Technical Conference. 1--14.

Digital Library

[33]

Suh, G. E., O'Donnell, C. W., Sachdev, I., and Devadas, S. 2005. Design and implementation of the AEGIS single-chip secure processor using physical random functions. In Proceedings of the International Symposium on Computer Architecture. 25--36.

Digital Library

[34]

TCG. 2006. TPM main part 1 design principles. Specification ver. 1.2, rev. 94. https://www. trustedcomputinggroup.org/specs/TPM/Main_Part1_Rev94.zip.

[35]

Tiri, K. and Verbauwhede, I. 2006. A digital design flow for secure integrated circuits. IEEE Trans. Comput. Aid. Des. 25, 7, 1197--1208.

Digital Library

[36]

Zhang, Y., Gao, L., Yang, J., Zhang, X., and Gupta, R. 2005. SENSS: Security enhancement to symmetric shared memory multiprocessors. In Proceedings of the International Symposium on High-Performance Computer Architecture. 352--362.

Digital Library

Cited By

Eckert MHaase JMeyer DKlauer B(2016)Architectural requirements for constructing hardware supported sandboxes2016 International Conference on FPGA Reconfiguration for General-Purpose Computing (FPGA4GPC)10.1109/FPGA4GPC.2016.7518532(37-42)Online publication date: May-2016
https://doi.org/10.1109/FPGA4GPC.2016.7518532
Kapoor HRao GArshi STrivedi G(2013)A Security Framework for NoC Using Authenticated Encryption and Session KeysCircuits, Systems, and Signal Processing10.1007/s00034-013-9568-532:6(2605-2622)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1007/s00034-013-9568-5
Sajeesh KKapoor H(2011)An Authenticated Encryption Based Security Framework for NoC ArchitecturesProceedings of the 2011 International Symposium on Electronic System Design10.1109/ISED.2011.17(134-139)Online publication date: 19-Dec-2011
https://dl.acm.org/doi/10.1109/ISED.2011.17

Index Terms

Dynamic security domain scaling on embedded symmetric multiprocessors
1. Computer systems organization
  1. Architectures
    1. Other architectures
      1. Special purpose systems
  2. Embedded and cyber-physical systems
    1. Embedded systems
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Embedded software
      2. Real-time systems software

Recommendations

Dynamic security domain scaling on symmetric multiprocessors for future high-end embedded systems
CODES+ISSS '07: Proceedings of the 5th IEEE/ACM international conference on Hardware/software codesign and system synthesis

We propose a method for dynamic security domain scaling on SMPs that offers both highly scalable performance and high security for future high-end embedded systems. Its most important feature is its highly efficient use of processor resources, ...
Performance characteristics of openMP constructs, and application benchmarks on a large symmetric multiprocessor
ICS '03: Proceedings of the 17th annual international conference on Supercomputing

With the increasing popularity of small to large-scale symmetric multiprocessor (SMP) systems, there has been a dire need to have sophisticated, and flexible development and runtime environments for efficient and rapid development of parallel ...
Scheduling dynamic OpenMP applications over multicore architectures
IWOMP'08: Proceedings of the 4th international conference on OpenMP in a new era of parallelism

Approaching the theoretical performance of hierarchical multicoremachines requires a very careful distribution of threads and dataamong the underlying non-uniform architecture in order to minimizecache misses and NUMA penalties. While it is acknowledged ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Design Automation of Electronic Systems

ACM Transactions on Design Automation of Electronic Systems Volume 14, Issue 2

March 2009

384 pages

ISSN:1084-4309

EISSN:1557-7309

DOI:10.1145/1497561

Issue’s Table of Contents

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 07 April 2009

Accepted: 01 November 2008

Revised: 01 September 2008

Received: 01 October 2007

Published in TODAES Volume 14, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
373
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Eckert MHaase JMeyer DKlauer B(2016)Architectural requirements for constructing hardware supported sandboxes2016 International Conference on FPGA Reconfiguration for General-Purpose Computing (FPGA4GPC)10.1109/FPGA4GPC.2016.7518532(37-42)Online publication date: May-2016
https://doi.org/10.1109/FPGA4GPC.2016.7518532
Kapoor HRao GArshi STrivedi G(2013)A Security Framework for NoC Using Authenticated Encryption and Session KeysCircuits, Systems, and Signal Processing10.1007/s00034-013-9568-532:6(2605-2622)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1007/s00034-013-9568-5
Sajeesh KKapoor H(2011)An Authenticated Encryption Based Security Framework for NoC ArchitecturesProceedings of the 2011 International Symposium on Electronic System Design10.1109/ISED.2011.17(134-139)Online publication date: 19-Dec-2011
https://dl.acm.org/doi/10.1109/ISED.2011.17

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents