Runtime creation of continuous secure zones in many-core systems for secure applications

Abstract

Security is an important design issue in current many-core systems. Several applications run simultaneously, processing sensitive data. The literature describes different attacks on many-core systems, stealing data from processors, by unauthorized access to the memories, and from the communication infrastructure, by sniffing the packets or even modifying them using Hardware Trojans. Thus protect at the same time the computation and communication infrastructures is a paramount requirement to add security to applications processing sensitive data. This paper presents a method to create at runtime secure zones in the many-core, by reserving the computation and communication resources exclusively to the secure application. The method isolates the processing elements of the secure zone, blocking any traffic to cross the region. Traffic that should cross the secure zone is forwarded to the outside of the region using a dynamic rerouting mechanism. The main contribution of this paper is the proposition of an algorithm to define the secure zone. Results evaluate the cost to execute the proposed algorithm with different secure zone shapes, showing that its execution cost is small and that several secure application may execute in parallel, using different regions of the many-core.