Industry is moving towards large-scale system-on-chip (SoC) designs in which heterogeneous components such as processor cores, DSPs, memory controllers, and accelerator units are bundled via 2.5D integration. That is, these components are fabricated separately as chiplets and then integrated on an interconnect carrier, a so-called interposer. Independently, however, general-purpose SoC architectures have raised significant security concerns. Therefore, with many IP modules and hardware components coming from various third-party vendors and manufacturers, ensuring the security and integrity of chiplet-based systems is a grand challenge. Further, malicious software running within a chiplet can pose significant risks as well. In this work, we propose to leverage an active interposer as a secure-by-construction, generic root-of-trust platform for such modern systems. Our work presents a new architectural framework in which untrusted processing elements, running untrusted code, are integrated on top of such an interposer-based root of trust, allowing us to detect and prevent any form of malicious message exchanged between the heterogeneous components. Our technique has limited design overhead, which is furthermore restricted to the active interposer, allowing the heterogeneous components within the chiplets to remain untouched. We show that our scheme correctly handles attempted security violations with little impact on system performance, around 4%.
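To make the architectural idea concrete, the following is an added illustrative model (not code from the paper, and not its actual policy format) of an active interposer sitting between untrusted chiplets and checking every inter-chiplet message against a per-(source, destination) access policy. The `Message` fields, the policy table layout and the chiplet names are all assumptions constructed for this example.

```python
from dataclasses import dataclass

# Constructed model of an active interposer acting as a root-of-trust message
# checker between chiplets. Message fields, policy format and chiplet names are
# assumptions for illustration; they are not the paper's design or interfaces.

@dataclass(frozen=True)
class Message:
    src: str   # issuing chiplet (untrusted, may run untrusted code)
    dst: str   # target chiplet or memory controller
    op: str    # "read" or "write"
    addr: int  # target address within dst

class InterposerMonitor:
    """Checker residing in the interposer: every inter-chiplet message passes
    through it, so policy is enforced without modifying the chiplets."""

    def __init__(self, policy):
        # policy: {(src, dst): [(lo, hi, allowed_ops), ...]}
        self.policy = policy
        self.violations = []  # blocked messages, kept for detection/forensics

    def check(self, m: Message) -> bool:
        for lo, hi, ops in self.policy.get((m.src, m.dst), []):
            if lo <= m.addr <= hi and m.op in ops:
                return True
        self.violations.append(m)
        return False  # deny by default: unknown pairs and windows are dropped

    def forward(self, msgs):
        return [m for m in msgs if self.check(m)]

# Constructed sample policy: core0 may read/write only its own DRAM window and
# may only read the accelerator's status region; nothing else is reachable.
POLICY = {
    ("core0", "mem"): [(0x1000_0000, 0x1FFF_FFFF, {"read", "write"})],
    ("core0", "accel"): [(0x0000, 0x00FF, {"read"})],
}

# Constructed traffic: one legitimate message and three policy violations.
SAMPLE = [
    Message("core0", "mem", "write", 0x1000_0010),  # inside window, allowed
    Message("core0", "mem", "write", 0x2000_0000),  # outside the DRAM window
    Message("core0", "accel", "write", 0x0004),     # write where only read is allowed
    Message("core0", "dsp", "read", 0x0),           # no rule for this pair at all
]

def run_sample():
    """Return (forwarded count, blocked count) for the constructed traffic."""
    mon = InterposerMonitor(POLICY)
    forwarded = mon.forward(SAMPLE)
    return len(forwarded), len(mon.violations)
```

Because the check lives in the interposer rather than in any chiplet, a compromised chiplet cannot bypass or reconfigure it; the `violations` list is the hook where a real design would raise an alert.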