Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware
This addresses security for mobile devices with SoCs, but it is incremental as it builds on existing access control mechanisms.
The paper tackles the problem of securing System-on-Chip (SoC) hardware against malicious or defective IP by proposing a Network-on-Chip Firewall (NoCF) as a single control point, demonstrating an initial analysis to detect vulnerabilities from NoC protocol violations.
Mobile devices are in roles where the integrity and confidentiality of their apps and data are of paramount importance. They usually contain a System-on-Chip (SoC), which integrates microprocessors and peripheral Intellectual Property (IP) connected by a Network-on-Chip (NoC). Malicious IP or software could compromise critical data. Some types of attacks can be blocked by controlling data transfers on the NoC using Memory Management Units (MMUs) and other access control mechanisms. However, commodity processors do not provide strong assurances regarding the correctness of such mechanisms, and it is challenging to verify that all access control mechanisms in the system are correctly configured. We propose a NoC Firewall (NoCF) that provides a single locus of control and is amenable to formal analysis. We demonstrate an initial analysis of its ability to resist malformed NoC commands, which we believe is the first effort to detect vulnerabilities that arise from NoC protocol violations perpetrated by erroneous or malicious IP.