Doctoral thesis (Dissertations and theses)
Architectural Support for Hypervisor-Level Intrusion Tolerance in MPSoCs
PINTO GOUVEIA, Ines
2022
 

Files


Full Text
Thesis - Final Print Version.pdf
Author postprint (3.65 MB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
Fault and Intrusion Tolerance; Hardware Architecture; Tightly-Coupled Systems
Abstract :
[en] Increasingly, more aspects of our lives rely on the correctness and safety of computing systems, namely in the embedded and cyber-physical (CPS) domains, which directly affect the physical world. While systems have been pushed to their limits of functionality and efficiency, security threats and generic hardware quality have challenged their safety. Leveraging the enormous modular power, diversity and flexibility of these systems, often deployed in multi-processor systems-on-chip (MPSoC), requires careful orchestration of complex and heterogeneous resources, a task left to low-level software, e.g., hypervisors. In current architectures, this software forms a single point of failure (SPoF) and a worthwhile target for attacks: once compromised, adversaries can gain access to all information and full control over the platform and the environment it controls, for instance by means of privilege escalation and resource allocation. Currently, solutions to protect low-level software often rely on a simpler, underlying trusted layer which is often a SPoF itself and/or exhibits downgraded performance. Architectural hybridization allows for the introduction of trusted-trustworthy components, which combined with fault and intrusion tolerance (FIT) techniques leveraging replication, are capable of safely handling critical operations, thus eliminating SPoFs. Performing quorum-based consensus on all critical operations, in particular privilege management, ensures no compromised low-level software can single handedly manipulate privilege escalation or resource allocation to negatively affect other system resources by propagating faults or further extend an adversary’s control. However, the performance impact of traditional Byzantine fault tolerant state-machine replication (BFT-SMR) protocols is prohibitive in the context of MPSoCs due to the high costs of cryptographic operations and the quantity of messages exchanged. Furthermore, fault isolation, one of the key prerequisites in FIT, presents a complicated challenge to tackle, given the whole system resides within one chip in such platforms. There is so far no solution completely and efficiently addressing the SPoF issue in critical low-level management software. It is our aim, then, to devise such a solution that, additionally, reaps benefit of the tight-coupled nature of such manycore systems. In this thesis we present two architectures, using trusted-trustworthy mechanisms and consensus protocols, capable of protecting all software layers, specifically at low level, by performing critical operations only when a majority of correct replicas agree to their execution: iBFT and Midir. Moreover, we discuss ways in which these can be used at application level on the example of replicated applications sharing critical data structures. It then becomes possible to confine software-level faults and some hardware faults to the individual tiles of an MPSoC, converting tiles into fault containment domains, thus, enabling fault isolation and, consequently, making way to high-performance FIT at the lowest level.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)
Disciplines :
Computer science
Author, co-author :
PINTO GOUVEIA, Ines ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX
Language :
English
Title :
Architectural Support for Hypervisor-Level Intrusion Tolerance in MPSoCs
Defense date :
21 February 2022
Number of pages :
144
Institution :
Unilu - University of Luxembourg, Esch-sur-Alzette, Luxembourg
Degree :
Docteur en Informatique
Promotor :
Jury member :
Casimiro, António
Fohler, Gerhard
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR12686210 - Architectural Support For Intrusion Tolerant Operating-system Kernels, 2018 (01/11/2018-31/10/2021) - Marcus Völp
Name of the research project :
HyLIT
Funders :
FNR - Fonds National de la Recherche
Available on ORBilu :
since 26 April 2022

Statistics


Number of views
179 (38 by Unilu)
Number of downloads
141 (37 by Unilu)

Bibliography


Similar publications



Contact ORBilu