Reference : Architectural Support for Hypervisor-Level Intrusion Tolerance in MPSoCs

	Document type :	Dissertations and theses : Doctoral thesis
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/50822

Title :	Architectural Support for Hypervisor-Level Intrusion Tolerance in MPSoCs
Language :	English
Author, co-author :	Pinto Gouveia, Inês [University of Luxembourg > Faculty of Science, Technology and Medecine (FSTM) > >]
Publication date :	21-Feb-2022
Institution :	University of Luxembourg, ​Esch-sur-Alzette, ​​Luxembourg
Name of the degree :	Docteur en Informatique
Number of pages :	144
Supervisor :	Volp, Marcus
President of the jury :	Ryan, Peter Y A
	Fridgen, Gilbert
Member of the jury :	Casimiro, António
	Fohler, Gerhard
Keywords :	[en] Fault and Intrusion Tolerance ; Hardware Architecture ; Tightly-Coupled Systems
Abstract :	[en] Increasingly, more aspects of our lives rely on the correctness and safety of computing systems, namely in the embedded and cyber-physical (CPS) domains, which directly affect the physical world. While systems have been pushed to their limits of functionality and efficiency, security threats and generic hardware quality have challenged their safety. Leveraging the enormous modular power, diversity and flexibility of these systems, often deployed in multi-processor systems-on-chip (MPSoC), requires careful orchestration of complex and heterogeneous resources, a task left to low-level software, e.g., hypervisors. In current architectures, this software forms a single point of failure (SPoF) and a worthwhile target for attacks: once compromised, adversaries can gain access to all information and full control over the platform and the environment it controls, for instance by means of privilege escalation and resource allocation. Currently, solutions to protect low-level software often rely on a simpler, underlying trusted layer which is often a SPoF itself and/or exhibits downgraded performance. Architectural hybridization allows for the introduction of trusted-trustworthy components, which combined with fault and intrusion tolerance (FIT) techniques leveraging replication, are capable of safely handling critical operations, thus eliminating SPoFs. Performing quorum-based consensus on all critical operations, in particular privilege management, ensures no compromised low-level software can single handedly manipulate privilege escalation or resource allocation to negatively affect other system resources by propagating faults or further extend an adversary’s control. However, the performance impact of traditional Byzantine fault tolerant state-machine replication (BFT-SMR) protocols is prohibitive in the context of MPSoCs due to the high costs of cryptographic operations and the quantity of messages exchanged. Furthermore, fault isolation, one of the key prerequisites in FIT, presents a complicated challenge to tackle, given the whole system resides within one chip in such platforms. There is so far no solution completely and efficiently addressing the SPoF issue in critical low-level management software. It is our aim, then, to devise such a solution that, additionally, reaps benefit of the tight-coupled nature of such manycore systems. In this thesis we present two architectures, using trusted-trustworthy mechanisms and consensus protocols, capable of protecting all software layers, specifically at low level, by performing critical operations only when a majority of correct replicas agree to their execution: iBFT and Midir. Moreover, we discuss ways in which these can be used at application level on the example of replicated applications sharing critical data structures. It then becomes possible to confine software-level faults and some hardware faults to the individual tiles of an MPSoC, converting tiles into fault containment domains, thus, enabling fault isolation and, consequently, making way to high-performance FIT at the lowest level.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Funders :	Fonds National de la Recherche - FnR
Permalink :	http://hdl.handle.net/10993/50822
FnR project :	FnR ; FNR12686210 > Marcus Völp > HyLIT > Architectural Support For Intrusion Tolerant Operating-system Kernels > 01/11/2018 > 31/10/2021 > 2018

	File(s) associated to this reference
	Fulltext file(s): File Commentary Version Size Access Open access Thesis - Final Print Version.pdf Author postprint 3.56 MB View/Open

All documents in ORBi^lu are protected by a user license.

 

University of Luxembourg Library |  Feedback |  Legal notices Site Map