Memory Encryption Support for an FPGA-based RISC-V Implementation
Security is an important driver for the evolution of the RISC-V architecture. Several initiatives aim at exploiting the privileged architecture and the Physical Memory Protection mechanisms foreseen by the RISC-V specification as a foundation for robust trusted execution environments. This short paper introduces a memory encryption unit fitting the organization of the RISC-V privileged architecture. The unit is suitable for very resource-constrained systems and is mainly targeted at FPGA devices. The design relies on a flexible and efficient stream cipher, the ChaCha algorithm. The work presents an overview of the system architecture and the detail of the FPGA-based implementation of the memory encryption unit, along with some experimental evaluation and comparisons with state-of-the-art contributions
A Pluggable Vector Unit for RISC-V Vector Extension
Vector extensions have become increasingly important for accelerating data-parallel applications in areas like multimedia, data-streaming, and Machine Learning. This interactive presentation introduces a microarchitectural design of a vector unit compliant with the RISC-V vector extension v1.0. While we targeted a specific core for demonstration, CVA6, our architecture is designed so as to ensure extensibility, maintainability, and re-usability in other cores. Furthermore, as a distinctive feature, we support speculative execution and precise vector traps. The paper provides an overview of the main motivation, design choices, and implementation details, followed by a qualitative and quantitative discussion of the results collected from the synthesis of the extended CVA6 RISC-V core
Evaluation of HPC Acceleration and Interconnect Technologies for High-Throughput Data Acquisition
Efficient data movement in multi-node systems is a crucial issue at the crossroads of scientific computing, big data, and high-performance computing, impacting demanding data acquisition applications from high-energy physics to astronomy, where dedicated accelerators such as FPGA devices play a key role coupled with high-performance interconnect technologies. Building on the outcome of the RECIPE Horizon 2020 research project, this work evaluates the use of high-bandwidth interconnect standards, namely InfiniBand EDR and HDR, along with remote direct memory access functions for direct exposure of FPGA accelerator memory across a multi-node system. The prototype we present aims at avoiding dedicated network interfaces built in the FPGA accelerator itself, leaving most of the resources for user acceleration and supporting state-of-the-art interconnect technologies. We present the detail of the proposed system and a quantitative evaluation in terms of end-to-end bandwidth as concretely measured with a real-world FPGA-based multi-node HPC workload
Flexible privilege management for microcontroller-class RISC-V cores
The trustworthiness of microcontroller-class devices is crucial for a growing spectrum of applications involving embedded and industrial systems, ranging from robotics to avionics, from sensor networks to health. In that respect, integrating security-aware processes into design methodologies can lead to products that are more resilient to attacks and provide native protection mechanisms capable of mitigating system vulnerabilities, hence reducing damages and recovery costs. Based on the increasing interest in open-source hardware and relying on the non-proprietary RISC-V specification, in this work we aim to explore architectural extensions serving as a baseline for establishing a Trusted Execution Environment (TEE) in microcontroller-class processor cores targeted at embedded and industrial applications, especially those with some form of latency-sensitive requirements. We point out that supporting a trusted environment in this type of systems is particularly challenging and we identify a minimum set of hardware-level protection mechanisms, with limited assumptions on the available privileged modes and protection support. The reference architecture is demonstrated by extending a lightweight RISC-V core, Ibex. As shown in the last part of our work, the proof-of-concept design achieves flexible support for isolation at a modest overhead in terms of additional hardware resources and delay, thereby fully matching the constraints of latency-sensitive deeply embedded applications
FPGA-based real-time monitoring support for CAN applications
This technical contribution deals with monitoring support for CAN, a popular protocol in automotive and robotics applications with various levels of criticality, therefore requiring strict reliability and performance guarantees. While software implementations for CAN-based monitoring applications are very flexible, they may face prohibitive overheads in terms of latency and responsiveness. We present a customizable hardware-based CAN filter designed to enable real-time monitoring and anomaly detection, which can be employed in critical systems with stringent response time requirements. As shown in the paper, an advanced CAN monitor relying on the customizable FPGA-based filter can bridge the limitations of software solutions by drastically reducing latency – around 10X compared to software – showing that the adoption of FPGA technologies in a critical industrial environment can bring key benefits in terms of real-time features and flexibility
Combining Programmable Hardware and Web Services Technologies for Delivering High-Performance and Interoperable Security
Information security is a key requirement in emerging networked scenarios, which typically involve a large variety of heterogeneous, often resource-constrained devices. Providing security to this emerging class of distributed applications raises a number of new challenges. This paper discusses such challenges with respect to two key security services, namely Public Key certification and digital timestamping, and presents a multi-tier architecture which combines a hardware-accelerated back-end and a Web Services based web tier for achieving interoperability while boosting performance. The paper describes the organization of the multi-tier architecture, provides a detailed description of individual components, and presents the results of a thorough experimental campaig
Adaptable parsing of real-time data streams
Today’s business processes are rarely accomplished inside the companies' domains. More often they involve entities geographically distributed which interact in a loosely coupled cooperation. While cooperating, these entities generate transactional data streams, such as sequences of stock-market buy/sell orders, credit-card purchase records, Web server entries, and electronic fund transfer orders. Such streams are often collections of events stored and processed locally, and they thus have typically ad-hoc, heterogeneous formats. On the other hand, elements in such data streams usually share a common semantics and indeed they can be profitably mined in order to obtain combined global events. In this paper, we present an approach to the parsing of heterogeneous data streams based on the definition of format-dependent grammars and automatic production of ad-hoc parsers. The stream-dependent parsers can be obtained dynamically in a totally automatic way, provided that the appropriate grammar, written in a common format, is fed into the system. We also present a fully working implementation that has been successfully integrated into a telecommunication environment for real-time processing of billing information flows
Performance Evaluation of Security Services: An Experimental Approach
Recent advances in wireless technologies have enabled pervasive connectivity to Internet scale systems which include heterogeneous mobile devices, such as mobile phones and personal digital assistants, a trend which is generally referred to as ubiquitous computing. This leads to the need for providing security functions to applications which are partially deployed over wireless devices. Delivering security services to mobile devices raises a number of challenging issues, mostly related to the limited amount of computing power which is typically available on the target platforms. Some promising solutions rely on multi-tier architectures, which are based on the emerging Web services technology. In this scenario, understanding the impact of architectural characteristics of specific platforms is a key issue for practitioners who have to develop and deploy efficient security-enabled applications on mobile devices. This paper provides an experimental study of the impact that specific characteristics of individual mobile device platforms have on the final performance of security applications. Focus is on performance and resource utilization, which are key aspects when one develops applications on mobile devices. The case study is a Web services based solution for delivering public key infrastructure (PKI) services to mobile devices. Experiments have been conducted on three different mobile terminals, which span a large range of characteristics in the class of resource-constrained devices. Results show that: i) performance figures are not uniform in spite of similar underlying hardware characteristics, and ii) security and performance are often conflicting requirement
