Secure System Architecture Progression Framework Analysis

ryan bradetich center for secure and dependable n.w

Explore the evolution of secure system architecture through a detailed framework analysis, including multicore architectures, memory structures, and hardware components like PowerPC processors and Cell Broadband Engine.

  • System Architecture
  • Multicore
  • Security Framework
  • Hardware Components
  • Memory Structures


Presentation Transcript


  1. Ryan Bradetich, Center for Secure and Dependable Systems, University of Idaho

  2. Outline: Problem Statement; Secure System Architecture Progression; Framework Introduction; Multicore Architecture Analysis (Cell Broadband Engine Architecture (CBEA), Intel Core i (Nehalem), Freescale P4080); Question and Answers

  3. [Diagram: secure system architecture progression. Labels: Centralized processing, System High, Improved processing power, MLS, Commodity hardware, System High, Multicore architectures, MILS]

  4. [Diagram: Cell Broadband Engine block diagram. Labels: Memory, MIC, PPE, SPE (x8), IOIF0, IOIF1, I/O, SMT Core, L1 D, L1 I, L2 Cache, SPU Core, Local Store]

  5. [Diagram: Intel Core i (Nehalem) block diagram. Labels: CPU-0 to CPU-3 (each with SMT, L1 D, L1 I, L2 Cache), Shared L3 Cache, DDR3 Memory Controller, Quick Path Interconnect, I/O, Memory]

  6. [Diagram: Freescale P4080 block diagram. Labels: Core (x8), e500mc Core, L1 D, L1 I, L2 Cache, CoreNet Coherency Fabric, L3 Cache (x2), SDRAM Controller (x2), Memory, I/O, eLBC Controller, Peripheral Controllers, SEC, PME, RIO MU, 2 x DMA, QMan, BMan, On Chip Network, Real-Time Debug, 3 x PCIe, 2 x sRIO, FMan (x2), 4 x 1GE (x2), 10GE (x2), SerDes]

  7. Framework Steps: (1) Identify components; (2) Analyze information flows and identify safeguards; (3) Apply security policy.

  8. [Diagram: Labels: Red Networks (Top Secret Network, Secret Network, Confidential Network), Guard, Black Network]

  9. [Diagram: Cell Broadband Engine block diagram. Labels: Memory, MIC, PPE, SPE (x8), IOIF0, IOIF1, I/O, SMT Core, L1 D, L1 I, L2 Cache, SPU Core, Local Store]

  10. Hardware Component / Evaluated: PowerPC Processor Element: No; Synergistic Processor Elements (8): Yes; Element Interconnect Bus: Yes; Cell Broadband Engine Interface Units (2): Yes; Memory Interface Controller: Yes; Pervasive: Yes

  11. [Diagram: Cell Broadband Engine components. Labels: Memory, MIC, PPE, SPE (x8), Element Interconnect Bus, IOIF0, IOIF1, I/O]

  12. Not recommended for general purpose MILS multicore architecture: SPEs are not intended for general purpose processing; the PPE must be trusted; blocking MFC communication channels provide covert communication channels.

  13. [Diagram: Intel Core i (Nehalem) block diagram. Labels: CPU-0 to CPU-3 (each with SMT, L1 D, L1 I, L2 Cache), Shared L3 Cache, DDR3 Memory Controller, Quick Path Interconnect, I/O, Memory]

  14. Hardware Component / Evaluated: Processor Cores (4): Partial; Shared L3 Cache: No; Quick Path Interconnect: No; DDR3 Memory Controller: No

  15. [Diagram: Intel Core i (Nehalem) components. Labels: CPU-0, CPU-1, CPU-2, CPU-3, Shared L3 Cache, DDR3 Memory Controller, Quick Path Interconnect, I/O, Memory]

  16. [Diagram: privilege levels on each processor core. Labels: SMM (ring -2), Hypervisor (ring -1) (VMX Extensions), Guest OS (ring 0-3)]

  17. * SIPI Attack discovered by Invisible Things Labs

  18. [Diagram: SIPI attack. Labels: CPU #0 (BSP), CPU #1 (AP), CPU #2 (AP), CPU #3 (AP), Shell Code, 0xVV000, SIPI, Network Interface, Untrusted Driver (Malware)]

  19. Not recommended for general purpose MILS multicore architecture: 35 years of backwards compatibility; VMM (ring -1) added via VMX extensions; VMX extensions complex and error prone; VMX extensions do not address timing channels; SMM (ring -2) runs higher privilege than VMM; microcode updates provide reconfigurability; TXT-trusted boot does not protect against SMM; SMM subject to cache poisoning via MTRR.

  20. [Diagram: Freescale P4080 block diagram. Labels: Core (x8), e500mc Core, L1 D, L1 I, L2 Cache, CoreNet Coherency Fabric, L3 Cache (x2), SDRAM Controller (x2), Memory, I/O, eLBC Controller, Peripheral Controllers, SEC, PME, RIO MU, 2 x DMA, QMan, BMan, On Chip Network, Real-Time Debug, 3 x PCIe, 2 x sRIO, FMan (x2), 4 x 1GE (x2), 10GE (x2), SerDes]

  21. [Diagram: P4080 partitioning. Labels: Control Plane SMP OS, Data Plane AMP OS, Other Services AMP OS, Core (x8), MMU (x8), CoreNet Coherency Fabric, PAMU (x3), CoreNet Platform Caches, Peripheral (x6)]

  22. Hardware Component Evaluated e500mc Processor Cores (8) Yes CoreNet CoreNet Coherency Fabric CoreNet Platform Cache Yes DDR2/DDR3 SDRAM Controllers (2) Yes Enhanced Local Bus Controller Peripheral controllers Yes High Speed Peripheral Interface Complex PCI Express Controllers (3) RapidIO Message Unit Serial RapidIO Endpoints (2) Direct Memory Access Controllers (2) Yes

  23. Hardware Component Evaluated Data Path Acceleration Architecture Buffer Manager Queue Manager Frame Manager (2) Pattern Match Engine Security Encryption Engine Yes Real Time Debug Yes

  24. [Diagram: Freescale P4080 components. Labels: Core (x8), CoreNet Coherency Fabric, L3 Cache (x2), SDRAM Controller (x2), Memory, I/O, eLBC Controller, Peripheral Controllers, SEC, PME, RIO MU, 2 x DMA, QMan, BMan, On Chip Network, Real-Time Debug, 3 x PCIe, 2 x sRIO, FMan (x2), 4 x 1GE (x2), 10GE (x2), SerDes]

  25. BMan requires QMan to mediate access to CoreNet. DPAA provides direct portal access between DPAA components. Covert communication channel using the Portal Query command.

  26. [Diagram: P4080 component grouping. Labels: Core (x7), Memory, CoreNet + SDRAM Controllers, I/O, eLBC Controller + Peripheral Controllers, DPAA + Processor Core, On Chip Network, Real-Time Debug, SerDes]

  27. Not recommended for general purpose MILS multicore architecture. Logical Partitioning architecture looked promising. Peripherals are where the architecture fell down.

  28. This framework shows how and why the hardware analysis can be separated from the security policy analysis. Initial component identification provides a roadmap and can foster intra-team and cross-team collaborations. Focus on information flows, safeguards, and shared components simplifies the analysis process. Consistent, reproducible, and peer-reviewable reports facilitate incremental analysis for minor hardware revisions. Safeguards organize and focus experiments on critical areas.
