Reference : Architectural Support for Hypervisor-Level Intrusion Tolerance in MPSoCs
Dissertations and theses : Doctoral thesis
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/50822
English
Pinto Gouveia, Inês [University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM)]
21-Feb-2022
University of Luxembourg, Esch-sur-Alzette, Luxembourg
Docteur en Informatique
144
Volp, Marcus
Ryan, Peter Y A
Fridgen, Gilbert
Casimiro, António
Fohler, Gerhard
[en] Fault and Intrusion Tolerance ; Hardware Architecture ; Tightly-Coupled Systems
[en] Increasingly, more aspects of our lives rely on the correctness and safety of computing systems, namely in the embedded and cyber-physical (CPS) domains, which directly affect the physical world. While systems have been pushed to their limits of functionality and efficiency, security threats and generic hardware quality have challenged their safety.
Leveraging the enormous modular power, diversity and flexibility of these systems, often deployed in multi-processor systems-on-chip (MPSoC), requires careful orchestration of complex and heterogeneous resources, a task left to low-level software, e.g., hypervisors. In current architectures, this software forms a single point of failure (SPoF) and a worthwhile target for attacks: once compromised, adversaries can gain access to all information and full control over the platform and the environment it controls, for instance by means of privilege escalation and resource allocation. Currently, solutions to protect low-level software often rely on a simpler, underlying trusted layer which is often a SPoF itself and/or exhibits downgraded performance.
Architectural hybridization allows for the introduction of trusted-trustworthy components, which, combined with fault and intrusion tolerance (FIT) techniques leveraging replication, are capable of safely handling critical operations, thus eliminating SPoFs. Performing quorum-based consensus on all critical operations, in particular privilege management, ensures no compromised low-level software can single-handedly manipulate privilege escalation or resource allocation to negatively affect other system resources by propagating faults or further extend an adversary’s control. However, the performance impact of traditional Byzantine fault tolerant state-machine replication (BFT-SMR) protocols is prohibitive in the context of MPSoCs due to the high costs of cryptographic operations and the quantity of messages exchanged. Furthermore, fault isolation, one of the key prerequisites in FIT, presents a complicated challenge to tackle, given the whole system resides within one chip in such platforms.
There is so far no solution completely and efficiently addressing the SPoF issue in critical low-level management software. It is our aim, then, to devise such a solution that, additionally, reaps the benefits of the tightly coupled nature of such manycore systems. In this thesis we present two architectures, using trusted-trustworthy mechanisms and consensus protocols, capable of protecting all software layers, specifically at low level, by performing critical operations only when a majority of correct replicas agree to their execution: iBFT and Midir. Moreover, we discuss ways in which these can be used at application level on the example of replicated applications sharing critical data structures. It then becomes possible to confine software-level faults and some hardware faults to the individual tiles of an MPSoC, converting tiles into fault containment domains, thus enabling fault isolation and, consequently, making way for high-performance FIT at the lowest level.
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Fonds National de la Recherche - FnR
FnR ; FNR12686210 > Marcus Völp > HyLIT > Architectural Support For Intrusion Tolerant Operating-system Kernels > 01/11/2018 > 31/10/2021 > 2018

File(s) associated to this reference

Fulltext file(s):

Thesis - Final Print Version.pdf (Version: Author postprint; Size: 3.56 MB; Access: Open access)


All documents in ORBilu are protected by a user license.