Secure admission and execution of applications in many-core systems

Abstract

Many-core architectures are similar to a computer network, where it is necessary to ensure the security during the execution of sensitive applications. This article discusses two security-related issues: the secure admission of applications and the prevention of resource sharing during their execution. The safe application admission is an open research subject for many-core systems. Although several methods are available for the Internet, computer networks, and software in general, low-cost computational proposals were not yet been proposed for many-core systems. Methods preventing resource sharing adopts firewalls, encryption mechanisms, and resource isolation to deal with the security threats. This paper proposes a protocol, executed at runtime, to tackle these issues. The application admission authenticates trusty entities. An entity authenticated might deploy applications, requiring only a MAC verification to guarantee the application integrity. Secure applications are mapped into continuous secure zones (SZ), with the reservation of all Processing Elements (PEs) and communication resources. All traffic flows that should cross the SZ are rerouted to the outside of the SZ. Such isolation approach avoids Deny-of-Service (DoS), timing, and spoofing attacks and guarantees confidentiality and integrity. The cost of the protocol is the latency required to start the secure applications. Results evaluate this latency, showing the effectiveness on adopting the proposed protocol to execute sensitive applications on many-core systems.