Title: Sharing external memory resources between strongly isolated domains in high-end security applications
Author: Kruijsse, Hendrik Jan (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Wong, J.S.S.M. (mentor); Op 't Land, S.T. (mentor); van Leuken, T.G.R.M. (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Electrical Engineering | Embedded Systems
Date: 2023-04-04

Abstract

Nowadays, society strongly depends on computer networks and systems as a means of reliable communication and data storage. To maintain absolute security of the networks, and thus of society, one would need to separate everything, but this is not feasible. Consequently, sharing of resources is inevitable. There are security products that rely on an FPGA to create domain separation. The domain separation is required to prevent leakage of confidential information and manipulation of critical processes. A modern FPGA has enough resources to have multiple soft-cores instantiated on it, each of them working in a different domain. However, due to the limited number of IO pins on an FPGA, using multiple DRAM chips is not an option. Therefore a single DRAM is shared between multiple soft-cores, threatening the domain separation.

The main threats when using a shared DRAM are communication channels due to latency deviations, data corruption due to rowhammering, and direct access to unauthorized data due to the data being available on shared addresses.

Research has been done to determine what causes the latency deviation and how to mitigate it. The result of the research is that the only fundamental solution to mitigate the latency deviation is to have a fixed latency when accessing the DRAM. A fixed-time arbiter is designed and tested. The fixed-time arbiter uses a deterministic delay after each DRAM access in order to mitigate the latency deviation.

Before mitigating the rowhammer vulnerability, it is shown that rowhammering causes bitflips not only in the adjacent rows, but also in non-adjacent rows. To mitigate the rowhammer vulnerability for adjacent rows, a row refresher is created that tracks the rows that are accessed and refreshes the adjacent rows when a row is accessed more often than the bitflip threshold. To mitigate the vulnerability for non-adjacent rows, a test is created to give an overview of all non-adjacent rows that contain bitflips, so that those rows can be dedicated as unused guard rows.

The last part that is implemented is an address mapper, which ensures that no soft-core can access the addresses of another soft-core.

The fixed-time arbiter, row refresher and address mapper are combined into the memory domain protector. The consequence for the bandwidth of the DRAM is that the bandwidth is halved compared to the benchmark design. The memory domain protector also uses 23× more logic than a standard arbiter.

Subject: dram; cyber security; Rowhammer Attacks; rowbuffer attacks; DRAM attacks; DRAM vulnerabilities; sharing dram
To reference this document use: http://resolver.tudelft.nl/uuid:30546ab3-e9f1-4897-b457-337977b017b4
Part of collection: Student theses
Document type: master thesis
Rights: © 2023 Hendrik Jan Kruijsse
Files: FinalReport.pdf (PDF, 1.04 MB)