On-chip replication - Look what the others did

Fault and intrusion tolerance; hardware; resilience; systems architecture; Hardware; Intrusion tolerance; On chips; Performance; Power; Resilience; Safety and securities; Security-critical; Systems architecture; Computer Science (all); Materials Science (all); Engineering (all)

Abstract :

[en] As resilience challenges evolve, namely in safety- and security-critical environments, the demand for cost-efficient, automated and unattended fault and intrusion tolerance (FIT) grows. However, current on-chip solutions typically target only accidental faults and rely on some form of application-specific redundancy, a single-point-of-failure (SPoF) management software layer or synchrony-reliant protocols. Plus, they are often performance heavy and costly for the emerging tightly-coupled systems in terms of area and power consumption. In this paper, we investigate novel ways to apply high-performance FIT by using replication of a lightweight agreement protocol, iBFT, executed with the aid of hardware trusted-trustworthy memory tag accelerators, to avoid misuse of critical operations and SPoFs. We introduce an FPGA-based implementation of iBFT under two fault models, evaluate their performance, area usage, and power consumption on a Zynq ZC702 FPGA and compare it with other state-of-the-art protocols. Additionally, we implement and evaluate a software-based emulation of a potential microcode implementation.

Disciplines :

Computer science

Author, co-author :

Gouveia, Ines Pinto ; King Abdullah University of Science and Technology (KAUST), CEMSE Division, RC3 Center, Thuwal, Saudi Arabia

GRACZYK, Rafal ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust > CritiX > Team Marcus VOLP

Esteves-Verissimo, Paulo; King Abdullah University of Science and Technology (KAUST), CEMSE Division, RC3 Center, Thuwal, Saudi Arabia

VÖLP, Marcus ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX

External co-authors :

yes

Language :

English

Title :

On-chip replication - Look what the others did

Publication date :

2024

Journal title :

IEEE Access

ISSN :

2169-3536

Publisher :

Institute of Electrical and Electronics Engineers Inc.

Pages :

1-1

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

http://xplorestaging.ieee.org/ielx8/6287639/6514899/10723296.pdf?arnumber=10723296

Funders :

Fonds National de la Recherche Luxembourg

Funding text :

This work was supported by the Fonds National de la Recherche (FNR) [C18/IS/12686210/HyLIT].

Available on ORBilu :

since 18 November 2024

Statistics

Number of views

30 (0 by Unilu)

Number of downloads

7 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Tyson T Brooks, Carlos Caicedo, and Joon S Park. Security vulnerability analysis in virtualized computing environments. International Journal of Intelligent Computing Research, 3(1/2):277–291, 2012.
Alex Depoutovitch and Michael Stumm. Otherworld: Giving Applications a Chance to Survive OS Kernel Crashes. In Proceedings of the 5th European Conference on Computer Systems, EuroSys’10, pages 181–194. ACM, 2010.
Cristiana Bolchini, Matteo Carminati, and Antonio Miele. Self-Adaptive Fault Tolerance in Multi-/Many-Core Systems. J. Electron. Test., 29(2):159–175, 2013.
Dmitrii Kuvaiskii, Rasha Faqueh, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. HAFT: Hardware-assisted Fault Tolerance. In 11th European Conference on Computer Systems (EuroSys), pages 1–17, 2016.
Swaminathan Sundararaman, Sriram Subramanian, Abhishek Rajimwale, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau, and Michael M. Swift. Membrane: Operating System Support for Restartable File Systems. Trans. Storage, 6(3):11:1–11:30, 2010.
Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, and Henry M. Levy. Recovering Device Drivers. ACM Trans. Comput. Syst., 24(4):333–360, 2006.
Feng Zhou, Jeremy Condit, Zachary Anderson, Ilya Bagrak, Rob Ennals, Matthew Harren, George Necula, and Eric Brewer. SafeDrive: Safe and Recoverable Extensions Using Language-based Techniques. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7, OSDI’06, pages 4–4. USENIX Association, 2006.
Kevin Elphinstone and Yanyan Shen. Increasing the trustworthiness of commodity hardware through software. In 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2013.
Eric Keller, Jakub Szefer, Jennifer Rexford, and Ruby B. Lee. NoHype: Virtualized Cloud Infrastructure without the Virtualization. In 37th International Symposium on Computer Architecture (ISCA’10), 2010.
Roger M. Needham and Maurice V. Wilkes. Domains of Protection and the Management of Processes. The Computer Journal, 17(2), 1974.
Nils Asmussen, Marcus Völp, Benedikt Nöthen, Hermann Härtig, and Gerhard Fettweis. M3: A Hardware/Operating-System Co-Design to Tame Heterogeneous Manycores. In Architectural Support for Programming Languages and Operating Systems. ACM, 2016.
John Chapin, Mendel Rosenblum, Scott Devine, Tirthankar Lahiri, Dan Teodosiu, and Anoop Gupta. Hive: Fault Containment for Shared-Memory Multiprocessors. In Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles, SOSP’95, pages 12–25. ACM, 1995.
Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis. Hardware Enforcement of Application Security Policies Using Tagged Memory. In OSDI, volume 8, pages 225–240, 2008.
Neeraj Gandhi, Edo Roth, Brian Sandler, Andreas Haeberlen, and Linh Thi Xuan Phan. REBOUND: Defending Distributed Systems Against Attacks with Bounded-Time Recovery. In Proceedings of the Sixteenth European Conference on Computer Systems, pages 523–539, 2021.
Jonathan Woodruff, Robert N.M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI Capability Model: Revisiting RISC in an Age of Risk. In Proceeding of the 41st Annual International Symposium on Computer Architecuture, ISCA’14, pages 457–468. IEEE Press, 2014.
Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum. Construction of a Highly Dependable Operating System. In Proceedings of the Sixth European Dependable Computing Conference, EDCC’06, pages 3–12. IEEE Computer Society, 2006.
Ruslan Nikolaev and Godmar Back. VirtuOS: An Operating System with Kernel Virtualization. In Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles, SOSP’13, pages 116–132. ACM, 2013.
Francis M. David, Ellick M. Chan, Jeffrey C. Carlyle, and Roy H. Campbell. CuriOS: Improving Reliability Through Operating System Structure. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI’08, pages 59–72. USENIX Association, 2008.
Andrew Lenharth, Vikram S. Adve, and Samuel T. King. Recovery Domains: An Organizing Principle for Recoverable Operating Systems. In Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS XIV, pages 49–60. ACM, 2009.
Koustubha Bhat, Dirk Vogt, Erik van der Kouwe, Ben Gras, Lionel Sambuc, Andrew S. Tanenbaum, Herbert Bos, and Cristiano Giuffrida. OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 25–36, 2016.
Kinshuk Govil, Dan Teodosiu, Yongqiang Huang, and Mendel Rosenblum. Cellular Disco: Resource Management Using Virtual Clusters on Shared-Memory Multiprocessors. In Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles, SOSP’99, pages 154–169. ACM, 1999.
David Gens. OS-Level Attacks and Defenses: From Software to Hardware-Based Exploits, 2018.
Martin Hoffmann, Christian Dietrich, and Daniel Lohmann. Failure by Design: Influence of the RTOS Interface on Memory Fault Resilience. In German Society of Informatics, editor, Proceedings of the 2nd GI Workshop on Software-Based Methods for Robust Embedded Systems (SOBRES’13), 2013.
William J Dally and Brian Towles. Route Packets, Not Wires: On-Chip Interconnection Networks. In Proceedings of the 38th annual design automation conference, pages 684–689, 2001.
Wayne Wolf, Ahmed Amine Jerraya, and Grant Martin. Multiprocessor system-on-chip (MPSoC) technology. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 27(10):1701–1713, 2008.
Geoffrey Blake, Ronald G Dreslinski, and Trevor Mudge. A survey of multicore processors. IEEE Signal Processing Magazine, 26(6):26–37, 2009.
Michael Engel and Björn Döbel. The reliable computing base: A paradigm for software-based reliability. In Workshop on SOBRES, 2012.
Inês Pinto Gouveia, Marcus Völp, and Paulo Esteves-Verissimo. Behind the Last Line of Defense: Surviving SoC Faults and Intrusions. Computers & Security, 123:102920, 2022.
Abdullah Al-Boghdady, Khaled Wassif, and Mohammad El-Ramly. The Presence, Trends, and Causes of Security Vulnerabilities in Operating Systems of IoT’s Low-End Devices. Sensors, 21(7):2329, 2021.
BP Prabahar and BE Edwin. Survey on virtual machine security. International Journal of Advanced Research in Computer Engineering Technology (IJARCET), 1(8):115–121, 2012.
Louis Turnbull and Jordan Shropshire. Breakpoints: An analysis of potential hypervisor attack vectors. In 2013 Proceedings of IEEE Southeastcon, pages 1–6. IEEE, 2013.
Ammarit Thongthua and Sudsanguan Ngamsuriyaroj. Assessment of hypervisor vulnerabilities. In 2016 International conference on cloud computing research and innovations (ICCCRI), pages 71–77. IEEE, 2016.
Dina Zoughbi and Nitul Dutta. Hypervisor Vulnerabilities and Some Defense Mechanisms, in Cloud Computing Environment. International Journal of Innovative Technology and Exploring Engineering, 10:42–48, 2020.
KA Scarfone. Guide to security for full virtualization technologies, volume 800. DIANE Publishing, 2011.
Salman Iqbal, Miss Laiha Mat Kiah, Babak Dhaghighi, Muzammil Hussain, Suleman Khan, Muhammad Khurram Khan, and Kim-Kwang Raymond Choo. On cloud security attacks: A taxonomy and intrusion detection and prevention as a service. Journal of Network and Computer Applications, 74:98–120, 2016.
Ying C. Yeh. Triple-triple redundant 777 primary flight computer. In 1996 IEEE Aerospace Applications Conference. Proceedings, volume 1, pages 293–307. IEEE, 1998.
Pascal Traverse, Isabelle Lacaze, and Jean Souyris. Airbus fly-by-wire: A total approach to dependability. In Building the Information Society, pages 191–212. Springer, 2004.
Luigi Mancini. Modular redundancy in a message passing system. IEEE transactions on software engineering, 1:79–86, 1986.
Hermann Kopetz and Günther Bauer. The time-triggered architecture. Proceedings of the IEEE, 91(1):112–126, 2003.
Yanyan Shen, Gernot Heiser, and Kevin Elphinstone. Fault Tolerance Through Redundant Execution on COTS Multicores: Exploring TradeOffs. In 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 188–200. IEEE, 2019.
Paulo Veríssimo. Uncertainty and predictability: Can they be reconciled? In Future Directions in Distributed Computing: Research and Position Papers, pages 108–113. Springer, 2003.
Subodha Charles and Prabhat Mishra. A Survey of Network-on-Chip Security Attacks and Countermeasures. ACM Computing Surveys (CSUR), 54(5):1–36, 2021.
Cynthia Dwork, Nancy Lynch, and Larry Stockmeyer. Consensus in the presence of partial synchrony. Journal of the ACM (JACM), 35(2):288–323, 1988.
Ulrich Schmid and Andreas Steininger. Decentralised fault-tolerant clock pulse generation in VLSI chips. TU Wien, 2010. Patent: US7791394B2.
Edward A Feustel. The Rice research computer: a tagged architecture. In Proceedings of the May 16-18, 1972, spring joint computer conference, pages 369–377, 1971.
Miguel Castro, Barbara Liskov, et al. Practical byzantine fault tolerance. In Operating systems design and implementation (OsDI), volume 99, pages 173–186, 1999.
Giuliana Santos Veronese, Miguel Correia, Alysson Neves Bessani, Lau Cheuk Lung, and Paulo Verissimo. Efficient Byzantine Fault-Tolerance. IEEE Transactions on Computers, 62(1):16–30, 2013.
Giuliana Santos Veronese, Miguel Correia, Alysson Neves Bessani, and Lau Cheuk Lung. Spin one’s wheels? byzantine fault tolerance with a spinning primary. In Proceedings of the 2009 28th IEEE International Symposium on Reliable Distributed Systems, SRDS’09, pages 135–144. IEEE Computer Society, 2009.
Miguel Correia, Nuno Ferreira Neves, and Paulo Verissimo. How to tolerate half less one byzantine nodes in practical distributed systems. In Reliable Distributed Systems, 2004. Proceedings of the 23rd IEEE International Symposium on, pages 174–183. IEEE, 2004.
Miguel Correia, Nuno Ferreira Neves, and Paulo Verissimo. BFT-TO: Intrusion tolerance with less replicas. The Computer Journal, 56(6):693–715, 2012.
Miguel Castro and Barbara Liskov. Practical byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS), 20(4):398–461, 2002.
Paulo Sousa, Alysson Neves Bessani, Miguel Correia, Nuno Ferreira Neves, and Paulo Verissimo. Highly available intrusion-tolerant services with proactive-reactive recovery. IEEE Transactions on Parallel and Distributed Systems, 21(4):452–465, 2010.
Byung-Gon Chun, Petros Maniatis, and Scott Shenker. Diverse replication for single-machine byzantine-fault tolerance. In USENIX 2008 Annual Technical Conference, ATC’08, pages 287–292. USENIX Association, 2008.
Tom Roeder and Fred B Schneider. Proactive obfuscation. ACM Transactions on Computer Systems (TOCS), 28(2):1–54, 2010.
Miguel Garcia, Alysson Bessani, Ilir Gashi, Nuno Neves, and Rafael Obelheiro. Os diversity for intrusion tolerance: Myth or reality? In 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks (DSN), pages 383–394. IEEE, 2011.
Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. Sok: Automated software diversity. In Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP’14, pages 276–291. IEEE Computer Society, 2014.
Miguel Garcia, Alysson Bessani, Ilir Gashi, Nuno Neves, and Rafael Obelheiro. Analysis of operating system diversity for intrusion tolerance. Software: Practice and Experience, 44(6):735–770, 2014.
Miguel Garcia, Alysson Bessani, and Nuno Neves. Lazarus: Automatic management of diversity in bft systems. In Proceedings of the 20th International Middleware Conference, pages 241–254. ACM, 2019.
Inês Pinto Gouveia. Architectural support for hypervisor-level intrusion tolerance in mpsocs. 2022.
Ali Shoker, Paulo Esteves Verissimo, and Marcus Völp. The path to fault-and intrusion-resilient manycore systems on a chip. arXiv preprint arXiv:2307.01783, 2023.
Paulo E Verissimo. Travelling through wormholes: a new look at distributed systems models. ACM SIGACT News, 37(1):66–81, 2006.
Rüdiger Kapitza, Johannes Behl, Christian Cachin, Tobias Distler, Simon Kuhnle, Seyed Vahid Mohammadi, Wolfgang Schröder-Preikschat, and Klaus Stengel. CheapBFT: Resource-efficient byzantine fault tolerance. In Proceedings of the 7th ACM European Conference on Computer Systems, EuroSys’12, pages 295–308. ACM, 2012.
B. Chun, P. Maniatis S. Shenker, and J. Kubiatowicz. Attested append-only memory: Making adversaries stick to their word. In 21st ACM Symposium on Operating Systems Principles (SOSP), pages 189–204, 2007.
Dave Levin, John R Douceur, Jacob R Lorch, and Thomas Moscibroda. TrInc: Small trusted hardware for large distributed systems. In NSDI, volume 9, pages 1–14, 2009.
Thomas C. Bressoud and Fred B. Schneider. Hypervisor-based fault tolerance. In 15th ACM Symposium on Operating Systems Principles (SOSP), pages 1–11, 1995.
Leslie Lamport. The part-time parliament. Transactions on Computer Systems, 16(2):133–169, 1998.
Emanuele Giuseppe Esposito, Paulo Coelho, and Fernando Pedone. Kernel paxos. In 37th Symposium on Reliable Distributed Systems (SRDS). IEEE, 2018.
Björn Döbel. Operating system support for redundant multithreading, 2014.
Tudor David, Rachid Guerraoui, and Maysam Yabandeh. Consensus inside. In Proceedings of the 15th International Middleware Conference, Middleware’14, pages 145–156. ACM, 2014.
Marcos K. Aguilera, Naama Ben-David, Rachid Guerraoui, Virendra J. Marathe, Athanasios Xygkis, and Igor Zablotchi. Microsecond consensus for microsecond applications. In 14th USENIX Symposium on Operating Systems Design and Implementation, 2020.
Marcos K. Aguilera, Naama Ben-David, Rachid Guerraoui, Virendra Marathe, and Igor Zablotchi. The impact of rdma on agreement. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, PODC’19, pages 409–418. Association for Computing Machinery, 2019.
Stephen M Trimberger. Method and apparatus for protecting proprietary configuration data for programmable logic devices, 2003. US Patent 6,654,889.
Stephen M Trimberger and Jason J Moore. Fpga security: Motivations, features, and applications. Proceedings of the IEEE, 102(8):1248–1265, 2014.
Ed Peterson. Developing tamper-resistant designs with ultrascale and ultrascale+ fpgas. XAPP1098. Xilinx Corporation, 155:156, 2017.
Adam Duncan, Fahim Rahman, Andrew Lukefahr, Farimah Farahmandi, and Mark Tehranipoor. Fpga bitstream security: a day in the life. In 2019 IEEE International Test Conference (ITC), pages 1–10. IEEE, 2019.
Jorge Guajardo, Sandeep S Kumar, Geert-Jan Schrijen, and Pim Tuyls. Physical unclonable functions and public-key crypto for fpga ip protection. In 2007 International Conference on Field Programmable Logic and Applications, pages 189–195. IEEE, 2007.
Maik Ender, Amir Moradi, and Christof Paar. The unpatchable silicon: A full break of the bitstream encryption of Xilinx 7-series FPGAs. In 29th USENIX Security Symposium (USENIX Security 20), pages 1803–1819, 2020.
Maik Ender, Gregor Leander, Amir Moradi, and Christof Paar. A cautionary note on protecting Xilinx’s UltraScale+ bitstream encryption and authentication engine. In 2022 IEEE 30th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), pages 1–9. IEEE, 2022.
Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, and Jürgen Schmidhuber. Modeling attacks on physical unclonable functions. In Proceedings of the 17th ACM conference on Computer and communications security, pages 237–249, 2010.
Jonas Krautter, Dennis RE Gnad, and Mehdi B Tahoori. Fpgahammer: Remote voltage fault attacks on shared fpgas, suitable for dfa on aes. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 44–68, 2018.
Allen Clement, Flavio Junqueira, Aniket Kate, and Rodrigo Rodrigues. On the (limited) power of non-equivocation. In Proceedings of the 2012 ACM symposium on Principles of distributed computing, pages 301–308, 2012.
Leslie Lamport, Robert E. Shostak, and Marshall C. Pease. The Byzantine Generals Problem. ACM Trans. Program. Lang. Syst., 4(3):382–401, 1982.