ABSTRACT
SoCFPGAs, or FPGAs integrated on the same die with chip multiprocessors, have made it to the market in the past years. In this article we analyse various security loopholes, existing precautions and countermeasures in these architectures. We consider Intel Cyclone/Arria devices and Xilinx Zynq/Ultrascale devices. We present an attacker model and highlight three different types of attacks, namely direct memory attacks, cache timing attacks, and rowhammer attacks, that can be used on inadequately protected systems. We present and compare existing security mechanisms in these architectures, and their shortfalls. We present real-life examples of these attacks and further countermeasures to secure systems based on SoCFPGAs.
A Security Vulnerability Analysis of SoCFPGA Architectures
2018 55th ACM/ESDA/IEEE Design Automation Conference (DAC)