Memory Protection on FPGAs

  • Ted HuffmireEmail author
  • Cynthia Irvine
  • Thuy D. Nguyen
  • Timothy Levin
  • Ryan Kastner
  • Timothy Sherwood


This chapter describes a memory access policy language (Huffmire et al., Proceedings of the European Symposium on Research in Computer Security (ESORICS), Hamburg, Germany, September 2006), based on formal regular languages, and demonstrates how this language can express classical security policies, including isolation, controlled sharing, and Chinese wall. This chapter also describes a policy compiler (Huffmire et al., Proceedings of the European Symposium on Research in Computer Security (ESORICS), Hamburg, Germany, September 2006) that translates an access policy expressed in this language into a synthesizeable hardware module.


  1. 1.
    A. Aho, R. Sethi, J. Ullman, Compilers: Principles, Techniques, and Tools (Addison Wesley, Reading, 1988) Google Scholar
  2. 2.
    Altera Inc, Quartus II Manual, 2004 Google Scholar
  3. 3.
    J.P. Anderson, Computer security technology planning study. Technical Report ESD-TR-73-51, ESD/AFSC, Hanscorn AFB, Bedford, MA, 1972 Google Scholar
  4. 4.
    D.E. Bell, L.J. LaPadula, Secure computer systems: mathematical foundations and model. The MITRE Corporation, Bedford, MA, USA, May 1973 Google Scholar
  5. 5.
    K.J. Biba, Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, 1977 Google Scholar
  6. 6.
    D.F.C. Brewer, M.J. Nash, The Chinese wall security policy, in Proceedings of the 1989 IEEE Symposium on Security and Privacy, 1989 Google Scholar
  7. 7.
    D.E. Denning, A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976) MathSciNetzbMATHCrossRefGoogle Scholar
  8. 8.
    A. Gerzic, CodeGuru: write your own regular expression parser, November 2003,
  9. 9.
    T. Huffmire, S. Prasad, T. Sherwood, R. Kastner, Policy-driven memory protection for reconfigurable hardware, in Proceedings of the European Symposium on Research in Computer Security (ESORICS), Hamburg, Germany, September 2006 Google Scholar
  10. 10.
    T. Huffmire, B. Brotherton, G. Wang, T. Sherwood, R. Kastner, Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems, in Proceedings of the 2007 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2007 Google Scholar
  11. 11.
    T. Huffmire, T. Sherwood, R. Kastner, T. Levin, Enforcing memory policy specifications in reconfigurable hardware. Comput. Secur. 27(5–6), 197–215 (2008) CrossRefGoogle Scholar
  12. 12.
    S. Johnson, Yacc: yet another compiler-compiler. Technical Report CSTR-32, Bell Laboratories, Murray Hill, NJ, 1975 Google Scholar
  13. 13.
    M. Lesk, E. Schmidt, Lex: a lexical analyzer generator. Technical Report 39, Bell Laboratories, Murray Hill, NJ, October 1975 Google Scholar
  14. 14.
    P. Linz, An Introduction to Formal Languages and Automata (Jones and Bartlett, Sudbury, 2001) Google Scholar
  15. 15.
    J. Navarro, S. Iyer, P. Druschel, A. Cox, Practical, transparent operating system support for Superpages, in Fifth Symposium on Operating Systems Design and Implementation (OSDI’02), Boston, MA, December 2002 Google Scholar
  16. 16.
    D. Raymond, D. Wood, Grail: A C++ library for automata and expressions. J. Symb. Comput. 11, 341–350 (1995) Google Scholar
  17. 17.
    J. Rushby, A trusted computing base for embedded systems, in Proceedings 7th DoD/NBS Computer Security Conference, September 1984, pp. 294–311 Google Scholar
  18. 18.
    J. Saltzer, Protection and the control of information sharing in Multics. Commun. ACM 17(7), 388–402 (1974) CrossRefGoogle Scholar
  19. 19.
    F.B. Schneider, Enforceable security policies. ACM Trans. Inform. Syst. Secur. 3(1), 30–50 (2000) CrossRefGoogle Scholar
  20. 20.
    G.W. Smith, R.B. Newton, A taxonomy of organisational security policies, in Proceedings of the 23rd National Information Systems Security Conference, Baltimore, MD, USA, October 2000 Google Scholar
  21. 21.
    D.F. Sterne, On the buzzword “security policy”, in Proceedings of the 1991 IEEE Symposium on Security and Privacy, Oakland, CA, 1991, pp. 219–230 Google Scholar
  22. 22.
    E. Witchel, J. Cates, K. Asanovic, Mondrian memory protection, in Tenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), San Jose, CA, October 2002 Google Scholar
  23. 23.
    M.E. Zurko, R.T. Simon, User-centered security, in Proceedings of the 1996 Workshop on New Security Paradigms, Lake Arrowhead, CA, September 1996 Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  • Ted Huffmire
    • 1
    Email author
  • Cynthia Irvine
    • 1
  • Thuy D. Nguyen
    • 1
  • Timothy Levin
    • 1
  • Ryan Kastner
    • 2
  • Timothy Sherwood
    • 3
  1. 1.Department of Computer ScienceNaval Postgraduate SchoolMontereyUSA
  2. 2.Dept. of Computer Science and Eng.University of California, San DiegoLa JollaUSA
  3. 3.Department of Computer ScienceUC, Santa BarbaraSanta BarbaraUSA

Personalised recommendations