A design approach to automatically generate on-chip monitors during high-level synthesis of hardware accelerator

Abstract

Embedded systems often implement safety critical applications making security a more and more important aspect in their design. Control-Flow Integrity (CFI) attacks are used to modify program behavior and can lead to learn valuable information directly or indirectly by perturbing a system and creating failures. Although CFI attacks are well-known in computer systems, they have been recently shown to be practical and feasible on embedded systems as well. In this context, CFI checks are mainly used to detect unintended software behaviors while very few works address non programmable hardware component monitoring. In this paper, we present a hardware-assisted paradigm to enhance embedded system security by detecting and preventing unintended hardware behavior. We propose a design approach that designs on-chip monitors (OCM) during High-Level Synthesis (HLS) of hardware accelerators (HWacc). Synthesis of OCM is introduced as a set of steps realized concurrently to the HLS flow of HWacc. Automatically generated OCM checks at runtime both the input/output timing behavior and the control flow of the monitored HWacc. Experimental results show the interest of the proposed approach: the error coverage on the control flow ranges from 99.75% to 100% while in average the OCM area overhead is less than 10%, the clock period overhead is at worst less than 5% and impact on the synthesis time is negligible.