Firewalling in NoC based SoCs

I have been trying different things in NoCs, one thing led to another, and now I'm doing security research. The first thing we tried was to consider micro-architectural attacks on processors such as Meltdown and Spectre. If you analyze how they work, you get to this: before the data is committed at the last stage of the pipeline (including when an exception is raised, since the class of Spectre attacks is based on faults), something can happen to the shared resources (such as cache content) that the processor ignores.

In NoC-based SoCs, the cache (or at least the Last Level Cache, LLC) is usually placed at a node that can communicate with the outside and is shared by all the nodes. So the first thing one can do is to keep unprivileged tasks from accessing parts of the cache before the commit is done. One of the most straightforward ways to do that is to use firewalls to block the traffic of those unprivileged tasks that want to access the cache. The firewalls should be designed to be dynamically reconfigurable.
So what we did is the following: at each Network Interface there are two sets of tables: i) initiator tables, which check whether the node initiating the traffic has the right to do so, and ii) target tables, which check the incoming packets. If we now assign a node as system manager, this node can easily update the firewalls on the chip.
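The two-table check and manager-driven reconfiguration described above can be sketched as a small software model. This is an added example, not code from the papers or the author's hardware design; the table entry format (per-peer address ranges), the four-node layout and all names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NetworkInterface:
    # Initiator table: dst node -> address ranges this node may access there.
    initiator: dict = field(default_factory=dict)
    # Target table: src node -> address ranges accepted from that source.
    target: dict = field(default_factory=dict)

def _allowed(table, peer, addr):
    return any(lo <= addr <= hi for lo, hi in table.get(peer, []))

class FirewalledNoC:
    def __init__(self, n_nodes, manager):
        self.manager = manager
        self.ni = [NetworkInterface() for _ in range(n_nodes)]

    def reconfigure(self, requester, node, table, peer, ranges):
        """Replace one table entry; only the system manager may do this."""
        if requester != self.manager:
            raise PermissionError(f"node {requester} is not the system manager")
        if table not in ("initiator", "target"):
            raise ValueError(f"unknown table {table!r}")
        getattr(self.ni[node], table)[peer] = list(ranges)

    def send(self, src, dst, addr):
        """Check the packet at the source NI first, then at the destination NI."""
        if not _allowed(self.ni[src].initiator, dst, addr):
            return "blocked at initiator"
        if not _allowed(self.ni[dst].target, src, addr):
            return "blocked at target"
        return "delivered"

def demo():
    MGR, TASK_LOW, TASK_HIGH, LLC = 0, 1, 2, 3   # constructed 4-node layout
    noc = FirewalledNoC(4, manager=MGR)
    for task in (TASK_LOW, TASK_HIGH):           # default-deny until configured
        noc.reconfigure(MGR, task, "initiator", LLC, [(0x0000, 0xFFFF)])
        noc.reconfigure(MGR, LLC, "target", task, [(0x0000, 0xFFFF)])
    results = [noc.send(TASK_LOW, LLC, 0x8000)]
    # Manager restricts the low-privilege task to the lower half of the LLC.
    noc.reconfigure(MGR, TASK_LOW, "initiator", LLC, [(0x0000, 0x7FFF)])
    results.append(noc.send(TASK_LOW, LLC, 0x8000))
    # With a permissive initiator table, the target table still filters.
    noc.reconfigure(MGR, TASK_LOW, "initiator", LLC, [(0x0000, 0xFFFF)])
    noc.reconfigure(MGR, LLC, "target", TASK_LOW, [(0x0000, 0x7FFF)])
    results.append(noc.send(TASK_LOW, LLC, 0x8000))
    results.append(noc.send(TASK_HIGH, LLC, 0x8000))
    return results

if __name__ == "__main__":
    print(demo())
```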

Now you might ask: why firewalls? Why not just put one table in the node that has the cache and have a single manager? I think the main answer is that we can do much more than this with firewalls. We can make sure that no node with low privilege can talk to other nodes, and hence provide further isolation between the tasks running on the system. Also, I believe we can successfully use firewalls to address flooding denial-of-service attacks by restricting the initiator nodes' tables.

There are a couple of problems with this, though. First, a central system manager node is not a scalable solution: we see that the reconfiguration time grows to an unsustainable level as NoCs get larger and larger. The second problem is the serial nature of the reconfiguration. In many scenarios you want an initial, uniform and fast setting over the chip, and maybe several tweaks to the system later on. Addressing the first problem is relatively easy: you can assign several manager nodes, where each one controls the firewalls of a set of nodes.

On the other hand, in order to tackle the serialization problem we need to think about broadcasting messages. This is a whole different beast to handle. Broadcasting has a deadlock issue that must be addressed. Imagine two broadcast flows entering a router, where each flow wants to send packets in all other directions. Now imagine that each of the flows acquires at least one output port and keeps waiting for the other flow to release its port. This will happen in two cases: if the flows come from two different nodes, or if two flows of the same broadcast message reach the same node via different paths (the latter can easily happen with non-Dimension Order Routing). To tackle this problem we can do two things: i) create reconfiguration zones (each zone has one manager, so there is no competing node) and ii) use Dimension Order Routing (DOR) in each zone to make sure that packets of the same flow never meet. There are a few other obstacles to making the zones flexible enough that all the packets can communicate freely with each other, and I hope you will take a look at our solutions in the paper.

Now we can have a NoC with firewalls that supports a parallel reconfiguration scheme with multiple managers, making it a scalable solution. This will dramatically improve firewalling schemes on NoC-based systems. You can see the results of this work in the following publications:

  • “Enabling Secure MPSoC Dynamic Operation through Protected Communication”, Siavoosh Payandeh Azad, Behrad Niazmand, Gert Jervan, Johanna Sepulveda, ICECS 2018.
  • “Dynamic and Distributed Security Management for NoC based MPSoCs”, Siavoosh Payandeh Azad, Gert Jervan, Johanna Sepulveda, ALCHEMY workshop 2019.