Dynamic spatially isolated secure zones for NoC-based many-core accelerators

Abstract

Many-core architectures are becoming a major execution platform in order to face the increasing number of applications executed in parallel. While these architectures provide massive parallelism and high performance to the users, they also introduce key challenges in terms of security. Indeed, in order to leverage performance, a great number of applications running in parallel may share resources. A malicious application may compromise other applications sharing common resources or the whole system by directly accessing, deducing or retrieving sensitive data. This work focuses on a many-core accelerator architecture extended with mechanisms allowing the logical and spatial isolation of sensitive applications through the dynamic creation of secure zones. Each sensitive application is executed within a secure zone avoiding any resource sharing with other potentially malicious applications, preventing denial of services within the secure zones as well as confidentiality and integrity attacks. A set of services guarantying the dynamic creation and handling of spatially isolated secure zones in a many-core accelerator architecture is proposed. These services are integrated into a software controller on a many-core accelerator architecture and evaluated through virtual prototyping.