
Security Services for Mixed-Criticality Systems Based on Networked Multi-core Chips

  • Thomas Koller
  • Donatus Weber
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9923)

Abstract

Modern cyber-physical systems are designed to execute safety-critical applications with different criticality levels on the same platform. Security is an emerging topic in this domain and gains more and more importance, since security vulnerabilities in the systems are accompanied by the risk of malicious attacks. Targeting these vulnerabilities allows an attacker to manipulate the system, which results in a decrease of dependability and safety. Therefore, security mechanisms are required to ensure adequate protection against malicious attacks. The European FP7 project DREAMS introduces a service-based architecture to implement mixed-criticality systems on networked multi-core chips. The architecture is a cross-domain architecture and is based on core services for communication, execution, time synchronization and resource management. The security services extend these core services to provide secure communication, time synchronization and resource management for the architecture. This paper defines the required security properties to harden the DREAMS architecture against malicious attacks. The security properties are mapped to concrete security services that serve as a basis for the implementation of the architecture. These services are categorized into different security levels and applied to the core services of the DREAMS architecture.

Keywords

Mixed-criticality; Security; Service-based architecture; Cyber-physical systems; Embedded systems

Notes

Acknowledgement

The research leading to these results has received funding from the European Union’s Seventh Framework Programme FP7 2007-2013 under grant agreement 610640.


Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. Chair for Data Communications Systems, University of Siegen, Siegen, Germany
  2. Chair for Embedded Systems, University of Siegen, Siegen, Germany
