Proceedings ArticleDOI

Reliability Driven Mixed Critical Tasks Processing on FPGAs Against Hardware Trojan Attacks

TL;DR: This article first addresses reliability-driven schedule generation for mixed critical periodic tasks on FPGAs against HTH attacks, and then the reliability-ensured execution of mixed critical aperiodic and sporadic tasks within the generated periodic schedule.
Abstract: The property of dynamic partial reconfiguration of modern field programmable gate arrays (FPGAs) has made it feasible to execute various mixed critical tasks on the same platform. This requires partitioning the FPGA fabric into several virtual portions (VPs) and a scheduling methodology to determine which task is to be executed when and in which FPGA VP. Executing a task in an FPGA VP requires runtime configuring of the VP with a bitstream or a reconfigurable intellectual property, procured from a third party intellectual property (3PIP) vendor. Recent literature has exposed the presence of malicious elements like hardware trojan horses (HTHs) in such 3PIP bitstreams. Such HTHs are particularly dangerous as they remain dormant during testing and the initial stages of operation, but get activated suddenly at runtime to jeopardize the basic security primitives of the system. Thus, reliability driven mixed critical task processing on FPGAs against HTH attacks is important. Firstly, reliability driven mixed critical periodic task schedule generation against HTH attacks is addressed. Secondly, reliability ensured execution of mixed critical aperiodic and sporadic tasks in the generated periodic task schedule is considered. Experimentation is carried out with a variety of bitstreams and performance evaluation is performed via metrics like task success rate, task rejection rate and task preemption rate.
Citations
Journal ArticleDOI
TL;DR: A survey of recent works that focus on reliability-aware resource management in multi-/many-core systems, primarily focusing on aspects such as application-specific reliability optimization, mixed-criticality awareness, and hardware resource heterogeneity is presented.
Abstract: With the advancement of technology scaling, multi/many-core platforms are getting more attention in embedded systems due to the ever-increasing performance requirements and power efficiency. This feature size scaling, along with architectural innovations, has dramatically exacerbated the rate of manufacturing defects and physical fault-rates. As a result, in addition to providing high parallelism, such hardware platforms have introduced increasing unreliability into the system. Such systems need to be well designed to ensure long-term and application-specific reliability, especially in mixed-criticality systems, where incorrect execution of applications may cause catastrophic consequences. However, the optimal allocation of applications/tasks on multi/many-core platforms is an increasingly complex problem. Therefore, reliability-aware resource management is crucial while ensuring the application-specific Quality-of-Service (QoS) requirements and optimizing other system-level performance goals. This article presents a survey of recent works that focus on reliability-aware resource management in multi-/many-core systems. We first present an overview of reliability in electronic systems, associated fault models and the various system models used in related research. Then, we present recent published articles primarily focusing on aspects such as application-specific reliability optimization, mixed-criticality awareness, and hardware resource heterogeneity. To underscore the techniques’ differences, we classify them based on the design space exploration. In the end, we briefly discuss the upcoming trends and open challenges within the domain of reliability-aware resource management for future research.

12 citations


Cites background from "Reliability Driven Mixed Critical T..."

  • ...[115] have proposed a reliability driven scheduling approach for mixed-criticality tasks by handling periodic, aperiodic, and sporadic tasks on FPGAs against hardware trojan horse attacks....

Journal ArticleDOI
TL;DR: This work explores how the power draining ability of HTHs may reduce the lifetime of the system, and an offline–online scheduling strategy is proposed for periodic tasks which can ensure reliability of their operations till the expected lifetime of the system.
Abstract: The present era has witnessed deployment of reconfigurable hardware or field-programmable gate arrays (FPGAs) in diverse domains like automation and avionics, which are cyber physical in nature. Such cyber physical systems are associated with strict power budgets. Efficient real-time task-scheduling strategies exist that ensure execution of the maximum number of tasks within the power budget. However, these do not take hardware threats into account. Recent literature has exposed the existence of hardware trojan horses (HTHs). HTHs are malicious circuitry that remain dormant during testing and evade detection, but get activated at runtime to jeopardize operations. HTHs can be etched into the FPGA fabric by adversaries in untrustworthy foundries, during fabrication of the FPGAs. Even vendors selling reconfigurable intellectual properties or bitstreams that configure the FPGA fabric for task operation may insert HTHs while writing the bitstream codes. HTHs may cause a variety of attacks which may affect the basic security primitives of the system like its integrity, confidentiality or availability. In this work, we explore how the power draining ability of HTHs may reduce the lifetime of the system. A self-aware approach is also proposed which detects the affected resources of the system and eradicates their use in future to facilitate system reliability. An offline–online scheduling strategy is proposed for periodic tasks which can ensure reliability of their operations till the expected lifetime of the system. Accommodating non-periodic tasks in the periodic task schedule based on available power is also addressed. For experimentation, we consider tasks associated with EPFL benchmarks and demonstrate results based on the metric task success rate for periodic tasks and the metric task rejection rate for non-periodic tasks.

9 citations

Journal ArticleDOI
TL;DR: This work initially explores how HTHs implanted by 3PIP vendors in the bitstreams may cause active attacks, and develops strategies to ensure reliability for processing of mixed critical tasks on reconfigurable hardware against HTH attacks.

6 citations

Proceedings ArticleDOI
01 Jan 2020
TL;DR: A design of simple, low-overhead performance aware co-operative agents (PACA), each associated with an FPGA and monitoring its performance at runtime, is proposed to ensure reliability of mixed critical tasks in FPGA-based cloud environments against such vulnerabilities.
Abstract: The present era has witnessed deployment of field programmable gate arrays (FPGAs) in cloud environments, which need to serve mixed critical tasks. For these, tasks with different criticalities need to be executed on a common platform, and the property of dynamic partial reconfiguration of FPGAs makes them suitable for such purposes. Several task scheduling algorithms are available which ensure suitable task schedules for such environments. However, these do not consider vulnerabilities associated with hardware. Malicious elements like hardware trojan horses (HTHs) may be present in the FPGA fabric or in bitstreams procured from various third party vendors that configure the FPGAs. HTHs remain dormant during testing and get activated at runtime to jeopardize task executions. To ensure reliability of mixed critical tasks for FPGA based cloud environments against such vulnerabilities, we propose the design of simple low overhead performance aware co-operative agents (PACA). These are associated with each FPGA and monitor their performance at runtime. On detecting an anomaly, the agent communicates with other agents of the system and outsources the tasks to ensure their secure completion. Fault diagnosis is also performed by PACA to determine whether the FPGA fabric is affected or the bitstream is affected. If the FPGA is affected, then it continues to outsource its tasks to other FPGAs; else it marks the vendor who supplied the affected bitstream as untrustworthy and avoids bitstreams procured from it in future. Thus, via multi agent cooperation, system reliability is ensured. Experimental validation is performed via the metric task success rate over normalized task deadline and increment in FPGA resources for several hardware tasks, associated with standard ISCAS and ITC 99 benchmarks. The low overhead of the security components over various homogeneous FPGA environments determines the feasibility of the proposed mechanism for practical applications.

4 citations


Cites background from "Reliability Driven Mixed Critical T..."

  • ...A recent study has explored how reliability can be ensured for mixed critical task execution from HTH attacks at runtime [16]....

Journal ArticleDOI
TL;DR: Dynamic partial reconfiguration (DPR) enabled FPGA-based Cloud architecture acts as a flexible and efficient shared environment to facilitate application support for users' requests at low cost.
Abstract: Dynamic partial reconfiguration (DPR) enabled FPGA-based Cloud architecture acts as a flexible and efficient shared environment to facilitate application support for users’ requests at low cost. While on one hand we need to handle a variety of tasks, such as periodic or sporadic, deadline or non-deadline, high or low critical tasks from the point of producing correct results, on the other hand we are constrained to use untrusted FPGA-based application IP blocks procured from various third-party vendors, which may contain hardware Trojan horses (HTHs) affecting throughput and reliability of the Cloud. We propose Trojan-aware processing of tasks by monitored execution of a task on different untrusted cores, and then one more execution is done upon detection of hardware Trojan effects. For this stringent scheduling environment, the proposed dynamic scheduling algorithm is also properly extended to guarantee successful recovery from Trojan effects for all accepted tasks. Experimental results show that our algorithm improves worst-case response time for all tasks including non-deadline tasks and achieves a lower task rejection rate for the deadline tasks, through judicious non-uniform partitioning of FPGAs based on supported jobs and subsequent better resource utilization, compared to that of existing Trojan-aware scheduling techniques.

3 citations


Cites background or methods from "Reliability Driven Mixed Critical T..."

  • ...Our technique produces results for all accepted tasks with any level of criticality, contrary to the technique [12], which fails to produce results for the accepted tasks with medium criticality, which causes loss of reputation of the Cloud working on a pay-per-use basis....

  • ...In each of these works [12, 14, 15] on Trojan or fault-aware scheduling of FPGA-based tasks, the FPGA is equi-partitioned into large-enough homogeneous partitions such that any arbitrary task may be feasibly mapped into any partition....

  • ...For scheduling real-time tasks on FPGA-based embedded systems, the authors of Reference [12] consider error-producing HTH as well as delay-inducing HTH for the tasks with different criticality levels and propose dual or triple execution of the affected task by expanding the task schedule....

  • ...Sch_TrojAWR is compared with an existing Trojan-aware scheduling [12] that has considered deadline tasks only to be scheduled on Zynq 7 series FPGA....

  • ...For cases with more than 80% deadline tasks, the work in Reference [12] rejects a significantly larger number of tasks compared to ours, and as the existing timing resource is distributed along the accepted tasks, it shows slightly lower WCRT for this range....

References
Journal ArticleDOI
15 Jul 2014
TL;DR: The threat of hardware Trojan attacks is analyzed; attack models, types, and scenarios are presented; different forms of protection approaches are discussed; and emerging attack modes, defenses, and future research pathways are described.
Abstract: Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.

588 citations


"Reliability Driven Mixed Critical T..." refers background in this paper

  • ...A survey of the prevalent HTH counteracting techniques is discussed in [5]....

  • ...The globalization strategy involves outsourcing of various phases of SoC design across the globe and procuring of intellectual properties (IPs) from various third party intellectual property (3PIP) vendors [5]....

  • ...However, eviction of the hardware root of trust has been illustrated in the last decade by many eminent researchers [5]....

Book ChapterDOI
30 Aug 2009
TL;DR: A test pattern generation technique based on multiple excitation of rare logic conditions at internal nodes that maximizes the probability of inserted Trojans getting triggered and detected by logic testing, while drastically reducing the number of vectors compared to a weighted random pattern based test generation.
Abstract: In order to ensure trusted in-field operation of integrated circuits, it is important to develop efficient low-cost techniques to detect malicious tampering (also referred to as Hardware Trojan) that causes undesired change in functional behavior. Conventional post-manufacturing testing, test generation algorithms and test coverage metrics cannot be readily extended to hardware Trojan detection. In this paper, we propose a test pattern generation technique based on multiple excitation of rare logic conditions at internal nodes. Such a statistical approach maximizes the probability of inserted Trojans getting triggered and detected by logic testing, while drastically reducing the number of vectors compared to a weighted random pattern based test generation. Moreover, the proposed test generation approach can be effective towards increasing the sensitivity of Trojan detection in existing side-channel approaches that monitor the impact of a Trojan circuit on power or current signature. Simulation results for a set of ISCAS benchmarks show that the proposed test generation approach can achieve comparable or better Trojan detection coverage with about 85% reduction in test length on average over random patterns.

411 citations


Additional excerpts

  • ...Logic testing involves creation of test vectors to trigger malicious effects of HTHs during testing and detect them [8]....

Journal ArticleDOI
TL;DR: A novel noninvasive, multiple-parameter side-channel analysis-based Trojan detection approach that uses the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise.
Abstract: Hardware Trojan attack in the form of malicious modification of a design has emerged as a major security threat. Side-channel analysis has been investigated as an alternative to conventional logic testing to detect the presence of hardware Trojans. However, these techniques suffer from decreased sensitivity toward small Trojans, especially because of the large process variations present in modern nanometer technologies. In this paper, we propose a novel noninvasive, multiple-parameter side-channel analysis-based Trojan detection approach. We use the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise. We propose a vector generation approach and several design/test techniques to improve the detection sensitivity. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit advanced encryption standard (AES) cipher, show a detection resolution of 1.12 percent amidst ±20 percent parameter variations. The approach is also validated with experimental results. Finally, the use of a combined side-channel analysis and logic testing approach is shown to provide high overall detection coverage for hardware Trojan circuits of varying types and sizes.

207 citations


"Reliability Driven Mixed Critical T..." refers methods in this paper

  • ...Side channel analysis takes the aid of side channel parameters like delay, power, leakage current, etc to detect presence of an HTH in the experimental model, with respect to a reference or golden model [9]....

Proceedings ArticleDOI
27 Jul 2009
TL;DR: This work explores an approach to this problem that combines multicore hardware with dynamic distributed software scheduling to determine hardware trust during in-field use at run time and dynamically achieves trust determination by identifying the existence of Trojans with a high level of confidence.
Abstract: Current research into Trojan detection suggests that exhaustive Trojan detection in a chip during limited manufacturing test time is an extremely difficult problem. Indeed, an especially nefarious form of Trojan known as the time bomb has a payload activated in a delayed manner making it extremely hard to detect. As a result, chip trust detection at manufacturing test time may not be adequate especially for critical applications. This suggests that some form of dynamic trust detection of the chip both preliminary (possibly during a preproduction phase) and during in-field use at run time is required. We explore an approach to this problem that combines multicore hardware with dynamic distributed software scheduling to determine hardware trust during in-field use at run time. Our approach involves the scheduling and execution of functionally equivalent variants (obtained by different compilations, or different algorithm variations) simultaneously on different PEs and comparing the results. The process dynamically achieves trust determination by identifying the existence of Trojans with a high level of confidence.

75 citations


"Reliability Driven Mixed Critical T..." refers background in this paper

  • ...Redundancy with polling techniques basically duplicates or triplicates an operation to ensure trust with IPs procured from a number of sources [13]....

Journal ArticleDOI
TL;DR: This paper proposes a design methodology that enhances the classical system-level design flow for embedded systems to introduce reliability-awareness, and allows the designer to specify that only some parts of the system need to be hardened against faults.
Abstract: This paper proposes a design methodology that enhances the classical system-level design flow for embedded systems to introduce reliability-awareness. The mapping and scheduling step is extended to support the application of hardening techniques to fulfill the required fault management properties that the final system must exhibit; moreover, the methodology allows the designer to specify that only some parts of the system need to be hardened against faults. The reference architecture is a complex distributed one, constituted by resources with different characteristics in terms of performance and available fault detection/tolerance mechanisms. The approach is evaluated and compared against the most recent and relevant work, with an in-depth analysis on a large set of benchmarks.

67 citations


"Reliability Driven Mixed Critical T..." refers background or methods in this paper

  • ...Several works on reliability driven mixed critical tasks scheduling exist [3], [4]....

  • ...2) FD for C2 Tasks: Dual redundancy or two times task execution, followed by result checking is the generic technique to ensure reliability for C2 tasks in a mixed critical scheduling environment [3]....

  • ...1) FDC for C1 Tasks: For reliable mixed critical task scheduling on generic processors, a triple redundancy in task execution followed by a majority polling operation is needed [3]....

  • ...The degree of reliability needed to ensure safety varies with the criticality of mixed critical tasks [3]....

  • ...Such systems are generally mixed critical, where different tasks need to be executed in a common platform to optimize resource and reduce design cost and energy consumption [3]....