Secure by design Systems on Chip

Description
Today, systems-on-chip can be found in every industrial sector, thanks to their combination of high performance and a low energy footprint. These two qualities have been highly valued and have absorbed the bulk of development effort, to the detriment of security, which has only been taken into account relatively recently, and then by retrofitting. There have nevertheless been some pioneering efforts to make such systems more secure, such as ARM's TrustZone technology. TrustZone separates processes into two worlds: a “secure” world, and a “rich” world with limited privileges that cannot access the resources of the “secure” world. But these solutions are ill-suited to the integration of potentially unreliable devices within a system-on-chip. Time-to-market pressure, together with the need to reduce development costs, motivates the re-use of non-certified, possibly even “black-box” hardware IPs.

The challenge is therefore to propose a low-cost approach to securing such systems by design. Among the solutions available in the literature, the “TrustSoc” proposal is based on inserting rights controllers at the I/O level of both slave devices (e.g. memories) and master devices (e.g. processors, IP blocks). These controllers implement various policies (filtering, penalty). The solution is portable to both ARM and RISC-V processors, both of which are widely used in embedded applications. The software component of the solution, currently being finalized, is based on seL4, a formally verified, high-performance operating-system microkernel that allocates resources while ensuring their proper use. Within TrustSoc, it guarantees that a device cannot usurp another's identity when writing to the bus.
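As an added illustration, not TrustSoc's own code, here is a minimal C model of a slave-side rights controller that combines the two policies named above: a filtering policy that refuses any bus access not explicitly granted, and a penalty policy that locks a misbehaving master out after repeated refusals. The rule table, master IDs, address ranges and lock-out threshold are assumptions, and the master ID on each transaction is assumed to be unforgeable (the property the text assigns to seL4).

```c
/* Added model of a TrustSoc-style rights controller guarding one slave (e.g. a memory). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define MAX_RULES 8
#define MAX_MASTERS 8
#define PENALTY_THRESHOLD 3 /* assumed: refusals before a master is locked out */
enum { PERM_READ = 1, PERM_WRITE = 2 };
enum verdict { ALLOW, DENY_FILTERED, DENY_LOCKED_OUT };
struct rule { uint8_t master; uint32_t base, limit; uint8_t perms; };
struct rights_controller { struct rule rules[MAX_RULES]; size_t nrules;
                           unsigned violations[MAX_MASTERS]; bool locked_out[MAX_MASTERS]; };

bool rc_add_rule(struct rights_controller *rc, uint8_t master, uint32_t base, uint32_t limit, uint8_t perms) {
    if (rc->nrules >= MAX_RULES || master >= MAX_MASTERS || base > limit) return false;
    rc->rules[rc->nrules++] = (struct rule){ master, base, limit, perms };
    return true;
}

/* Check one bus transaction. Filtering policy: refuse any access not explicitly allowed.
 * Penalty policy: after PENALTY_THRESHOLD refusals the master loses all access to this slave. */
enum verdict rc_check(struct rights_controller *rc, uint8_t master, uint32_t addr, uint8_t op) {
    if (master >= MAX_MASTERS || rc->locked_out[master]) return DENY_LOCKED_OUT;
    for (size_t i = 0; i < rc->nrules; i++) {
        const struct rule *r = &rc->rules[i];
        if (r->master == master && addr >= r->base && addr <= r->limit && (r->perms & op) == op)
            return ALLOW;
    }
    if (++rc->violations[master] >= PENALTY_THRESHOLD) rc->locked_out[master] = true;
    return DENY_FILTERED;
}

/* Constructed scenario: master 0 is the CPU, master 1 a black-box DMA IP that may only
 * read a shared buffer. Returns how many of the 6 steps produced the expected verdict. */
int demo_scenario(void) {
    struct rights_controller rc = {0};
    rc_add_rule(&rc, 0, 0x40000000u, 0x4000FFFFu, PERM_READ | PERM_WRITE); /* CPU: secure RAM */
    rc_add_rule(&rc, 1, 0x20000000u, 0x2FFFFFFFu, PERM_READ);              /* DMA: shared buffer, read-only */
    struct { uint8_t m; uint32_t a; uint8_t op; enum verdict want; } steps[] = {
        { 1, 0x20001000u, PERM_READ,  ALLOW },           /* legitimate DMA read */
        { 1, 0x20001000u, PERM_WRITE, DENY_FILTERED },   /* refusal 1: write to read-only buffer */
        { 1, 0x40000100u, PERM_READ,  DENY_FILTERED },   /* refusal 2: secure RAM */
        { 1, 0x40000100u, PERM_READ,  DENY_FILTERED },   /* refusal 3: DMA is now locked out */
        { 1, 0x20001000u, PERM_READ,  DENY_LOCKED_OUT }, /* even a permitted read is refused */
        { 0, 0x40000100u, PERM_WRITE, ALLOW },           /* CPU is unaffected */
    };
    int ok = 0;
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++)
        ok += rc_check(&rc, steps[i].m, steps[i].a, steps[i].op) == steps[i].want;
    return ok;
}
```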