ARMOR : Accelerator Runtime Monitoring and cOntrolled identity enfoRcement

Aya Jendoubi, Jean-Christophe Prévotet, Philippe Tanguy, Pascal Cotret

Workshop on Design and Architectures for Signal and Image Processing — 2026

Dynamically reconfigurable hardware offers significant adaptability and performance advantages for modern System-on-Chip (SoC) architectures, but also enlarges the system’s attack surface. Previous work has shown that reconfigurable accelerators can exploit weaknesses in Input Output Memory Management Unit (IOMMU) to perform unauthorized Direct Memory Accesss (DMAs), revealing limitations in current I/O protection mechanisms. This paper presents ARMOR, a hardware mechanism designed to ensure the trustworthy integration of reconfigurable accelerators within IOMMU-enabled SoCs. ARMOR enforces secure device identity verification and provides runtime supervision of accelerator activity to detect and prevent abnormal or malicious behavior. Implemented in a RISC-V environment and validated through simulation, it effectively prevents I/O-based attacks while maintaining system compatibility and low performance overhead.

← Back to publications