Language Virtual Machines (VMs) are the execution engine of high-level languages, present in virtually all computing systems. Their components are complex and a vulnerability in any part of the execution makes the underlying victim computer open to arbitrary code execution. The Just-In-Time (JIT) compilation process is used in VMs for performance purposes by generating optimized code at run time. Taking advantage of the dynamic nature of this code, we present JITDomain, an instruction-level domain isolation solution. It duplicates memory access instructions and ties them to a specific domain to enforce three main guarantees on the JIT code, a critical part of the VM memory: call stack isolation, data access separation, and system call filtering. As new instructions come as drop-in replacement for existing ones, the instrumentation cost and code size overhead is minimized. We implemented the JITDomain solution by extending the RISC-V instruction set architecture and the CVA6 open-source processor at negligible overhead (+ 0.5%). The evaluation performed using Gigue, a JIT code workload generator, shows a performance overhead of less than 2.5%, making it suitable for real-world usage. The implementation does not slow down classical core utilization and is validated by a dedicated functional test suite.
Trusted Execution Environments (TEEs) protect enclave memory from untrusted software but remain vulnerable to cache-based side-channel attacks due to shared microarchitectural resources. Existing hardware defenses mainly rely on cache partitioning, which reduces effective capacity, or randomized remapping, which provides only probabilistic protection. This paper presents HermiCache, a deterministic enclave-aware cache isolation mechanism that enforces eviction confinement through ownership-aware replacement without partitioning. Each cache line is extended with lightweight metadata so that lookup and replacement decisions are restricted to the requester security domain. HermiCache is implemented at RTL in the CVA6 RISC-V core and integrated with Keystone. FPGA synthesis shows less than 5% hardware overhead, while gem5 evaluation reports up to 5% IPC degradation for secure and non-secure workloads.
Efficient deployment of Deep Learning (DL) models on RISC-V-based multi-core platforms remains a significant challenge, especially when multiple models with heterogeneous structures and precision requirements must run concurrently. Existing frameworks offer optimized execution for single-model inference but lack support for multi-model scheduling, as well as priority-based resource allocation. In this work, we extend the capabilities of such frameworks by formalizing the problem of multi-model, multiprecision inference scheduling on constrained many-core architectures like Parallel Ultra-Low Power (PULP). We define a scheduling space where multiple Deep Neural Networks (DNNs), varying in size, type and precision, compete for limited computing and memory resources. We introduce a simple, priority-aware scheduling layer that allocates cores and memory tiles across models, aiming to either minimize overall inference latency or find a tradeoff satisfying each model’s deadline. To demonstrate the effectiveness of our approach, we leverage the existing Deployment Oriented to memoRY (DORY) framework, and apply a greedy scheduling strategy. We conducted experiments with several models across several tasks and showed that even basic scheduling policies can significantly improve latency, core utilization, and memory efficiency over static and sequential baselines.
Presentation at this workshop.
Dynamically reconfigurable hardware offers significant adaptability and performance advantages for modern System-on-Chip (SoC) architectures, but also enlarges the system’s attack surface. Previous work has shown that reconfigurable accelerators can exploit weaknesses in Input Output Memory Management Unit (IOMMU) to perform unauthorized Direct Memory Accesss (DMAs), revealing limitations in current I/O protection mechanisms. This paper presents ARMOR, a hardware mechanism designed to ensure the trustworthy integration of reconfigurable accelerators within IOMMU-enabled SoCs. ARMOR enforces secure device identity verification and provides runtime supervision of accelerator activity to detect and prevent abnormal or malicious behavior. Implemented in a RISC-V environment and validated through simulation, it effectively prevents I/O-based attacks while maintaining system compatibility and low performance overhead.
This survey investigates recent developments in versatile embedded ML hardware acceleration. Various architectural approaches for efficient implementation of ML algorithms on resource-constrained devices are analyzed, focusing on three key aspects: performance optimization, embedded system considerations (throughput, latency, energy efficiency) and multi-application support. Nevertheless, it does not take into account attacks and defenses of ML architectures themselves. The survey then explores different hardware acceleration strategies, from custom RISC-V instructions to specialized PE, PiM architectures and co-design approaches. Notable innovations include flexible bit-precision support, reconfigurable PE, and optimal memory management techniques for reducing weights and (hyper)-parameters movements overhead. Subsequently, these architectures are evaluated based on the aforementioned key aspects. Our analysis shows that relevant and robust embedded ML acceleration requires careful consideration of the trade-offs between computational capability, power consumption, and architecture flexibility, depending on the application.
Dynamic Partial Reconfiguration (DPR) enhances flexibility in modern hardware but introduces security risks. This work demonstrates how a Malicious Hardware Accelerator (MHA) can exploit Direct Memory Access (DMA) to bypass Input Output Memory Management Unit (IOMMU) protections through device ID manipulation, enabling unauthorized memory access. This vulnerability exposes a fundamental security gap in the management of dynamically reconfigurable systems. By highlighting this issue and proposing mitigation strategies, we provide a conceptual framework to guide the development of security mechanisms for dynamically adaptable architectures.
Confidential computing includes various methods to enhance data security, notably by processing sensitive information within Trusted Execution Environments (TEEs). However, TEEs remain vulnerable to Side-Channel Attacks (SCAs), such as cache timing attacks, which exploit timing variations to extract confidential data. Existing TEE designs do not provide sufficient protection against these threats, highlighting the need for stronger security measures. This study focuses on integrating countermeasures specifically targeting timing and cache vulnerabilities within a TEE. The implementation will leverage the RISC-V architecture to explore its potential in mitigating SCA within TEE.
Confidential computing includes various methods to enhance data security, notably by processing sensitive information within TEE. However, TEE remain vulnerable to SCA, such as cache timing attacks, which exploit timing variations to extract confidential data. Existing TEE designs do not provide sufficient protection against these threats, highlighting the need for stronger security measures. This study focuses on integrating countermeasures specifically targeting timing and cache vulnerabilities within a TEE. The implementation will leverage the RISC-V architecture to explore its potential in mitigating SCA within TEE.
Dynamic Partial Reconfiguration (DPR) enhances flexibility in modern hardware but introduces security risks. This work demonstrates how a Malicious Hardware Accelerator (MHA) can exploit Direct Memory Access (DMA) to bypass Input Output Memory Management Unit (IOMMU) protections through device ID manipulation, enabling unauthorized memory access. This vulnerability exposes a fundamental security gap in the management of dynamically reconfigurable systems. By highlighting this issue and proposing mitigation strategies, we provide a conceptual framework to guide the development of security mechanisms for dynamically adaptable architectures.
Presentation at this workshop.
Programming Language Virtual Machines (VMs) are composed of several components that together execute and manage languages efficiently. They are deployed in virtually all computing systems through modern web browsers. However, vulnerabilities in any VM component pose a significant threat to security and privacy. In this article, we present a survey of software attacks on Just-In-Time (JIT) compilers, which dynamically produce optimized code at run time. We first present an overview and categorization of software attacks and their vectors as presented in the literature, identifying three main attack classes: code injection, code-reuse, and data-only attacks. We show how each can lead to arbitrary code execution. Next, we present a comprehensive taxonomy of defenses, including diversification, strict memory permissions and capability containment. While some were integrated in modern VMs, we draw recommendations for future protections. Securing JIT compilers remains challenging due to inherent conflicts with security principles, such as W^X (Writable XOR eXecutable), and the complexity of JIT optimizations. Finally, we examine how newer architectures, like ARMv8 and RISC-V, face similar threats. With RISC-V’s open architecture offering a promising platform for prototyping VM-specific protections and custom security instructions, we discuss hardware-assisted runtime protections and RISC-V extensions that could enhance VM security.
Randomizing the mapping of addresses to cache entries has proven to be an effective technique for hardening caches against contention-based attacks like Prime+Prome. While attacks and defenses are still evolving, it is clear that randomized caches significantly increase the security against such attacks. However, one aspect that is missing from most analyses of randomized cache architectures is the choice of the replacement policy. Often, only the random- and LRU replacement policies are investigated. However, LRU is not applicable to randomized caches due to its immense hardware overhead, while the random replacement policy is not ideal from a performance and security perspective.
Cache-based timing side-channel attacks are prevalent and correspond to a security threat for both high-end and embedded processors. In this paper, we propose and implement a fine-grained dynamic partitioning countermeasure relying on a hardware-software collaboration. The proposed approach extends the RISC-V Instruction Set Architecture (ISA) with lock and unlock instructions to allow a program to explicitly lock cache lines in the data cache memory, ensuring constant-time accesses. Experimental results show that the proposed solution defeats contention-based cache side-channel attacks such as Prime+probe and leads to a low area overhead (<3%), a low impact on binary code size (<0.3 %) and a low impact on miss rate (<2%).
No abstract yet.
IDSs (Intrusion Detection Systems) include more and more AI (Artificial Intelligence) engines to detect several attack types. However, in order to be efficient in both learning and inference phases, such systems must include hardware coprocessors to improve AI-related computations. In this PhD thesis, we would like to explore the capabilities of RISC-V based processors in this context. RISC-V is an open-source ISA (Instruction Set Architecture) than can be easily extended. The main goal of this thesis is to propose RISC-V extensions for an IDS embedded into collaborative and heterogeneous unmanned vehicles (submarine, marine, or aerial), it must detect abnormal behaviors and must be efficient in terms of power consumption, area and runtime overheads. Furthermore, coprocessors developed in this thesis should not introduce security breaches into the system. Finally, a proof-of-concept should be developed to demonstrate the efficiency of algorithms and hardware implementations compared to software solutions.
Presentation at this workshop.
Presentation at this workshop.
Just-in-time compilers are the main virtual machine components responsible for performance. They recompile frequently used source code to machine code directly, avoiding the slower interpretation path. Hardware acceleration and performant security primitives would benefit the generated JIT code directly and increase the adoption of hardware-enforced primitives in a high-level execution component. The RISC-V instruction set architecture presents extension capabilities to design and integrate custom instructions. It is available as open-source and several capable open-source cores coexist, usable for prototyping. Testing JIT-compiler-specific instruction extensions would require extending the JIT compiler itself, other VM components, the underlying operating system, and the hardware implementation. As the cost of hardware prototyping is already high, a lightweight representation of the JIT compiler code region in memory would ease prototyping and implementation of new solutions. In this work, we present Gigue, a binary generator that outputs bare-metal executable code, representing a JIT code region snapshot composed of randomly filled methods. Its main goal is to speed up hardware extension prototyping by defining JIT-centered workloads over the newly defined instructions. It is modular and heavily configurable to qualify different JIT code regions’ implementations from VMs and different running applications. We show how the generated binaries can be extended with three custom extensions, whose execution is guaranteed by Gigue’s testing framework. We also present different application case generation and execution on top of a fully-featured RISC-V core.
Timing side-channels are an identified threat for security critical software. Existing countermeasures have a cost either on the hardware requirements or execution time. We focus on low-cost microcontrollers that have a very low computational capacity. Although these processors do not feature out-of-order execution or speculation, they remain vulnerable to timing attacks exploiting the varying latencies of ALU operations or memory accesses.We propose to augment the RISC-V ISA with security primitives that have a guaranteed timing behavior. These primitives allow constant time ALU operations and memory accesses that do not alter the state of the cache. Our approach has a low overhead in terms of hardware cost, binary code size, and execution time both for the constant time secure program and other programs running concurrently on the same hardware.
Language Virtual Machines (VM) need to be extremely efficient and hence use complex engines such as a JIT compiler to speed up the usual bytecode interpretation loop. Their usage of low-level and security-critical tasks make them targets of choice. Enforcing low-cost fine-grained memory isolation has been an important research focus as a countermeasure to the most advanced JIT attacks. Memory isolation splits the components of an application with controlled communication and verified access to other resources. We present how custom instructions linked to hardware-enforced domain-checking could protect JIT code and data. We present incremental solutions and their corresponding custom instructions. The generated machine code and extended RISC-V Rocket come at a low-cost both in performance and intrusiveness.
The RISC-V Instruction Set Architecture (ISA) is an open-source, modular and extensible ISA. The ability to add new instructions into a dedicated core opens up perspectives to accelerate VM components or provide dedicated hardware IPs to applications running on top. However, the RISC-V ISA design is clashing on several aspects with other ISAs and therefore software historically built around them. Among them, the lack of condition codes and instruction expansion through simple instruction combination. In this paper we present the challenges of porting Cogit, the Pharo’s JIT compiler tightly linked to the x86 ISA, on RISC-V. We present concrete examples of them and the rationale behind their inclusion in the RISC-V ISA. We show how those mismatches are solved through design choices of the compilation process or through tools helping development, a VM simulation framework to keep the development in a high-level environment for the most part, an ISA-agnostic test harness covering main VM functionalities and a machine code debugger to explore and execute generated machine code. We also present a way to prototype custom instructions and execute them in the Pharo environment.
Language Virtual Machines (VMs) are pervasive in every laptop, server, and smartphone, as is the case with Java or Javascript. They allow application portability between different platforms and better usage of resources. They are used in critical applications such as stock exchange, banking, insurance, and health [25]. Virtual machines are an important asset in companies because they allow the efficient execution of high-level programming languages. Nowadays, they even attract investments from large non-system companies, e.g., Netflix 1 , Meta 2 , Shopify 3 and Amazon 4. VMs achieve high-performance thanks to aggressive optimization techniques that observe and adapt the execution dynamically, either by doing just-in-time compilation [5] or by adapting the memory management strategies at runtime [90, 91]. For all these reasons Virtual Machines are highly-complex engineering pieces, often handcrafted by experts, that mix state-of-the-art compilation techniques with complex memory management that collaborate with the underlying operating systems and hardware. However, besides some well-known techniques that are published in research venues, most knowledge and technology around virtual machines are highly concentrated in large companies such as Microsoft, Google, and Oracle, making Virtual Machine construction difficult, and experiments difficult to reproduce and replicate. Language VMs present many multidisciplinary scientific challenges that appear at the intersection of fields such as hardware, system software, compiler, and software language engineering. This document aims to give a brief overview of the current challenges the VM community faces. To keep this document short, we selected remarkable challenges in managed execution, managed memory, performance evaluation, software engineering and security.
Managed languages such as Python, C#, Java or JavaScript are the most popular when looking at the PYPL (PopularitY of Programming Language) index. These languages come with modern engines called virtual machines (VMs) composed of performant and intricate pieces of software such as garbage collectors or just-in-time compilers. As these components need to be extremely performant, they have grown in size and complexity. They are also powerful tools that could become an important breach if exploited maliciously. Using vulnerabilities in a JIT compiler can lead to code injection or JIT spraying attacks, often needing no more than a carefully written input program. Enforcing memory security has been a hot topic for several years; our goal is to extend the RISC-V instruction set to enforce this memory isolation dynamically. This work-in-progress focuses on Pharo, a metacircular VM extended to the RISC-V ISA. We believe that the concepts applied to this VM should be applicable to other implementations.
The ever-growing cost of both training and inference for state-of-the-art neural networks has brought literature to look upon ways to cut off resources used with a minimal impact on accuracy. Using lower precision comes at the cost of negligible loss in accuracy. While training neural networks may require a powerful setup, deploying a network must be possible on low-power and low-resource hardware architectures. Reconfigurable architectures have proven to be more powerful and flexible than GPUs when looking at a specific application. This article aims to assess the impact of mixed-precision when applied to neural networks deployed on FPGAs. While several frameworks exist that create tools to deploy neural networks using reduced-precision, few of them assess the importance of quantization and the framework quality. FINN and Brevitas, two frameworks from Xilinx labs, are used to assess the impact of quantization on neural networks using 2 to 8 bit precisions and weights with several parallelization configurations. Equivalent accuracy can be obtained using lower-precision representation and enough training. However, the compressed network can be better parallelized allowing the deployed network throughput to be 62 times faster. The benchmark set up in this work is available in a public repository (this https URL benchmark).
Les drones sont de plus en plus présents dans notre quotidien, passant du gadget technologique à l’outil de travail. Ils font désormais partie intégrante de la famille des objets connectés et constituent donc une nouvelle surface d’attaque.
DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have not been widely used neither by research community nor by hardware vendors. It is due to two major reasons, current hardware DIFT solutions lack support for multithreaded applications and implementations for hardcore processors. This work addresses both issues by introducing an approach with some unique features, DIFT for multi-threaded software, virtual memory protection (rather than physical memory as in related works) and Linux kernel support using an information flow monitor called RFBlare. These goals are accomplished by taking advantage of a notable feature of ARM CoreSight components (context ID) combined with a custom DIFT coprocessor and RFBlare. The communication time overhead, major source of slowdown in total DIFT time overhead, is divided by a factor 3.8 compared to existing solutions with similar software constraints as in this work. The area overhead of this work is lower than 1% and power overhead is 16.2% on a middle-class Xilinx Zynq SoC.
DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have not been widely used neither by research community nor by hardware vendors. It is due to two major reasons, current hardware DIFT solutions lack support for multithreaded applications and implementations for hardcore processors. This work addresses both issues by introducing an approach with some unique features, DIFT for multi-threaded software, virtual memory protection (rather than physical memory as in related works) and Linux kernel support using an information flow monitor called RFBlare. These goals are accomplished by taking advantage of a notable feature of ARM CoreSight components (context ID) combined with a custom DIFT coprocessor and RFBlare. The communication time overhead, major source of slowdown in total DIFT time overhead, is divided by a factor 3.8 compared to existing solutions with similar software constraints as in this work. The area overhead of this work is lower than 1% and power overhead is 16.2% on a middle-class Xilinx Zynq SoC.
Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works).
No abstract yet.
Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.
Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.
Security in embedded systems is a major concern for several years. Untrustworthy authorities use a wide range of both hardware and software attacks. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) implementations on ARM-based SoCs. Existing DIFT solutions are either hardly portable to SoCs or bring unsuitable time overheads. ARMHEx overcomes both issues using modern debugging CPU features, along with a coprocessor implemented in FPGA logic. This work demonstrates how ARMHEx performs DIFT with negligible communication costs.
The commercial drone market has significantly taken off for a few years. In 2016, sales of drones used for commercial and enterprise purposes was worth 3.4 billion dollars. This fast-growing field raises many questions regarding security since damages caused by such drones could be disastrous. Knowing that in some cases, transmission range is so wide (7 kilometers for a DJI Phantom 4 Pro) and that some drones can lift off more than 30 kg worth of equipment, we cannot deny that there will be (and already are) unexpected and unwanted uses of such a technology. In this article, we introduce DroneJack, an automatic anti-drone solution that can protect an area from being flown over. Using DroneJack, you can conduct a predefined defense over foreign drones as shutting them down, pilot them instead of the true user, direct them towards some GPS coordinates. You can also exploit data owned by the drone to recover photos, videos or flight logs. Even better, you can configure your own attacks on foreign drones and deploy them on DroneJack. Let’s play!
Security in embedded systems is a major concern for several years. Untrustworthy authorities use a wide range of both hardware and software attacks. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) implementations on ARM-based SoCs. Existing DIFT solutions are either hardly portable to SoCs or bring unsuitable time overheads. ARMHEx overcomes both issues using modern debugging CPU features, along with a coprocessor implemented in FPGA logic. This work demonstrates how ARMHEx performs DIFT with negligible communication costs.
No abstract yet.
Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a white hat hacker the possibility to retrieve data from John Doe’s computer. This work also shows that this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.
No abstract yet.
Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.
Embedded systems are parts of our daily life and used in many fields. They can be found in smartphones or in modern cars including GPS, light/rain sensors and other electronic assistance mechanisms. These systems may handle sensitive data (such as credit card numbers, critical information about the host system and so on) which must be protected against external attacks as these data may be transmitted through a communication link where attackers can connect to extract sensitive information or inject malicious code within the system. This work presents an approach to protect communications in multiprocessor architectures. This approach is based on hardware security enhancements acting as firewalls. These firewalls filter all data going through the system communication bus and an additional flexible cryptographic block aims to protect external memory from attacks. Benefits of our approach are demonstrated using a case study and some custom software applications implemented in a Field-Programmable Gate Array (FPGA). Firewalls implemented in the target architecture allow getting a low-latency security layer with flexible cryptographic features. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts.
This talk introduces an efficient and portable approach for DIFT (Dynamic Information Flow Tracking) implementations on reconfigurable chips. DIFT aims to track the application control flow by adding metadata (also known as tags) to information containers (e.g. registers, memory addresses, …), propagating and checking it at runtime. These approaches have been successfully used against a wide range of attacks including buffer overflow, SQL injections and so on.
This work introduces an efficient approach for DIFT (Dynamic Information Flow Tracking) implementations on reconfigurable chips. Existing solutions are either hardly portable or bring unsatisfactory time overheads. This work presents an innovative implementation for DIFT on reconfigurable SoCs such as Xilinx Zynq devices. Even though the feasibility of this approach is currently being studied, the first results are promising.
No abstract yet.
For several years, face recognition has been a hot topic in the image processing field, this technique is applied in several domains such as CCTV, electronic devices delocking and so on. In this context, this work studies the efficiency of a wavelet-based face recognition method in terms of subject position robustness and performance on various systems. The use of wavelet transform has a limited impact on the position robustness of PCA-based face recognition. This work shows, for a well-known database (Yale face database B), that subject position in a 3D space can vary up to 10% of the original ROI size without decreasing recognition rates. Face recognition is performed on approximation coefficients of the image wavelet transform, results are still satisfying after 3 levels of decomposition. Furthermore, face database size can be divided by a factor 64 (22K with K = 3). In the context of ultra-embedded vision systems, memory footprint is one of the key points to be addressed; that is the reason why compression techniques such as wavelet transform are interesting. Furthermore, it leads to a low-complexity face detection stage compliant with limited computation resources available on such systems. The approach described in this work is tested on three platforms from a standard x86-based computer towards nanocomputers such as RaspberryPi and SECO boards. For K = 3 and a database with 40 faces, the execution mean time for one frame is 0.64 ms on a x86-based computer, 9 ms on a SECO board and 26 ms on a RaspberryPi (B model).
Dans le domaine du traitement d’images, la reconnaissance faciale est une technique appliquée dans de nombreuses applications, télésurveillance, accès à des zones restreintes, déverrouillage de systèmes électroniques, etc. Dans ce contexte, cette contribution propose une méthode rapide de reconnaissance faciale basée sur la transformée en ondelettes robuste aux variations de position et de luminosité pour des applications temps réel. La méthode proposée a une tolérance de +/- 10% aux variations de position avec des conditions de luminosité variables. Sur une plateforme embarquée type RaspberryPi, le temps de reconnaissance moyen est de 26 ms par visage avec une empreinte mémoire 64 fois plus faible que l’approche de référence et des taux de reconnaissance équivalents.
Les systèmes embarqués font désormais partie intégrante de la vie quotidienne. Ces systèmes peuvent occasionnellement manipuler des données sensibles liées à l’utilisateur ou au système lui-même : la sécurité des données devient un paramètre important du cycle de développement. Dans le cadre de cet article, nous proposons d’illustrer une solution sécurisée d’une architecture simplifiée implémentée sur un composant reconfigurable FPGA. Les techniques proposées peuvent être utilisées dans différentes applications.
Les systèmes embarqués sont présents dans de nombreux domaines et font même partie de notre quotidien à travers les smartphones ou l’électronique embarquée dans les voitures par exemple. Ces systèmes manipulent des données sensibles (codes de carte bleue, informations techniques sur le système hôte. . . ) qui doivent être protégées contre les attaques extérieures d’autant plus que ces données sont transmises sur un canal de communication sur lequel l’attaquant peut se greffer pour extraire des données ou injecter du code malveillant. Le fait que ces systèmes contiennent de plus en plus de composants dans une seule et même puce augmente le nombre de failles qui peuvent être exploitées pour provoquer des attaques. Les travaux menés dans cemanuscrit s’attachent à proposer une méthode de sécurisation des communications et des mémoires dans une architecture multiprocesseur embarquée dans un composant reconfigurable FPGA par l’implantation de mécanismes matériels qui proposent des fonctions de surveillance et de cryptographie afin de protéger le système contre un modèle de menaces prédéfini tout en minimisant l’impact en latence pour éviter de perturber le trafic des données dans le système. Afin de répondre au mieux aux tentatives d’attaques, le protocole demise à jour est également défini. Après une analyse des résultats obtenus par différentes implémentations, deux extensions sont proposées : un flot de sécurité complet dédié à la mise en route et la maintenance d’un système multiprocesseur sur FPGA ainsi qu’une amélioration des techniques de détection afin de prendre en compte des paramètres logiciels dans les applications multi-tâches.
Nowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one.
Nowadays, embedded systems become more and more complex:the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link:attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and low-latency security for runtime protection.
Nowadays, security is a key constraint in MPSoC development lifecycle as many critical and secret information can be stored and manipulated in these systems. Monitoring and controlling communications is a method to protect an embedded system from classic attacks such as malicious accesses to restricted components. This work proposes security enhancements based on Block RAMs and AES-GCM ciphering to provide the designer an AXI-compliant design where no user intervention is required for reconfiguration of security services. A Virtex-6 FPGA implementation (with a set of miBench and custom applications) demonstrates a reduction up to 33% in terms latency overhead compared to an unprotected multiprocessor architecture and an area overhead around 10% for the reconfiguration logic.
Nowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. One strategic point of a bus-based MPSoC is the communication architecture as all data goes through it. Most solutions are currently built at the software level; we believe hardware enhancements also play a major role in system protection. Our approach relies on low complexity distributed security filters connected to all critical IPs of the system. Implementations on a Xilinx xc6vlx240t Virtex-6 FPGA show a latency decrease of 33 % compared to existing efforts while a reconfigurable version of such security services gives a 37% area overhead on a simple dual-processor case study with a 33% latency decrease on a sample image processing application.
Security in MPSoC is gaining an increasing attention since several years. Digital convergence is one of the numerous reasons explaining such a focus on embedded systems as many sensitive and secret data are now stored, manipulated and exchanged in these systems. Most solutions are currently built at the software level; we believe hardware enhancements also play a major role in system protection. One strategic point is the communication layer as all data goes through its architecture. Monitoring and controlling communications enable to fend off attacks before system corruption. In this work, we propose an efficient solution with several hardware enhancements to secure data exchanges in a bus-based MPSoC. Our approach relies on low complexity distributed firewalls connected to all critical IPs of the system. Designers can deploy different security policies (access right, data format, authentication, confidentiality) in order to protect the system in a flexible way. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts.
Cryptographic message authentication is a growing need for FPGA-based embedded systems. In this paper a customized FPGA implementation of a GHASH function that is used in AES-GCM, a widely-used message authentication protocol, is described. The implementation limits GHASH logic utilization by specializing the hardware implementation on a per-key basis. The implemented module can generate a 128bit message authentication code in both pipelined and unpipelined versions. The pipelined GHASH version achieves an authentication throughput of more than 14 Gbit/s on a Spartan-3 FPGA and 292 Gbit/s on a Virtex-6 device. To promote adoption in the field, the complete source code for this work has been made publically-available.
The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Among the critical points, protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes an efficient (in terms of latency-area trade-off) and distributed solution based on full hardware interfaces to protect AXI-based MPSoC architectures. This solution does not require software modifications and should be portable to other technologies using ARM communication standard. A case study implemented on Virtex-6 FPGAs is given in this work. The reliability of our solution is studied on larger-scale architectures using a set of benchmarks and a comparison with existing solutions.
The need for security in embedded systems has strongly increased since several years. Nowadays, it is possible to integrate several processors in a single chip. The design of such multiprocessor systems-on-chip (MPSoC) must be done with a lot of care as the execution of applications may lead to potential vulnerabilities such as revelation of critical data and private information. Thus it becomes mandatory to deal with security issues all along the design cycle of the MPSoC in order to guarantee a global protection. Among the critical points, the protection of the communications is very sensible as most of the data are exchanged through the communication architecture of the system. This paper targets this point and proposes a solution with distributed enhancements to secure data exchanges and to monitor communications within a MPSoC. In order to validate our contribution, a case study based on a generic multiprocessor architecture is considered.
No abstract yet.
The paper presents a novel concept of processor aimed at symmetric-key cryptographic applications. Its architecture is optimized for implementation of common cryptography tasks. The processor has 128-bit separated data and key registers, dedicated instruction set optimized for key generation and management, embedded cipher, and embedded random number generator. From an architectural point of view, the most important characteristic of the proposed crypto-processor is the physical separation of data and key registers and buses, insuring that confidential keys will never leave the system in clear. This way, the processor enables to separate protected and unprotected security zones easily and also achieve complete physical isolation of key management and data zones inside the single FPGA. The first version of the processor implemented in Xilinx Virtex 5 FPGA device achieves the frequency of 160 MHz and it occupies 1343 configurable logic blocks and 21 embedded memory blocks.
La production de systèmes embarqués sécurisés ne cesse de progresser depuis plusieurs années. Ceci est dû au fait que des failles de sécurité potentielles sont présentes dès que l’on manipule des données sensibles ou des informations privées, ce qui rajoute de la complexité au développement d’un tel produit. Par conséquent, il est désormais indispensable de penser à la sécurité tout au long du flot de conception afin de garantir une protection globale des systèmes embarqués. La protection des communications est un problème fondamental étant donné que la majorité des données circulent à travers l’architecture de communication du système. Dans cet article, nous nous concentrons sur ce point et une solution est proposée pour échanger des données dans un environnement sécurisé et implanter un mécanisme de surveillance des communications dans une architecture multi-processeurs. Le travail présenté dans ce papier fait partie du projet SecReSoC financé par l’ANR. Afin de valider les résultats, un cas d’étude est proposé. Il s’agit d’un token USB capable de chiffrer ou déchiffrer à la volée des fichiers stockés sur un ordinateur.
The development of secured embedded systems is in full expansion. The more we need complex treatments, the more we need to think about the security inside a system and its several elements. We participate in an ANR project aiming to develop a USB token able to cipher or decipher ”on-the-fly” files stored on a computer. The USB token is based on a MPSoC and our work focus on the security of communications between the processors and the other IPs in order to avoid critical informations theft from attackers.